Chat with us, powered by LiveChat

APPENDIX C:  Information Technology Policy

APPENDIX C:  Information Technology Policy

Computer Systems Policy:

Plaza College computer systems, including all related equipment, network devices (specifically Internet access), and peripherals, are provided only for authorized use. Plaza College monitors all computers and information systems for all lawful purposes, including ensuring their use is authorized, managing computers and information systems, facilitating protection against unauthorized access, and verifying security procedures, survivability, and operational security.

Monitoring includes active attacks by authorized personnel and their entities to test or verify the system’s security. During monitoring, information may be examined, recorded, copied, and used for official purposes. Plaza College monitors all information, including personal data, placed on or sent through its systems. Use of this system, authorized or unauthorized, constitutes consent to monitoring of this system. Employees shall not expect privacy in anything they store, send, or receive on company systems.

Unauthorized use may subject you to disciplinary action, including termination of employment. Plaza College reserves the right to use evidence of unauthorized use collected during monitoring for administrative, criminal, or other adverse action. Use of this system constitutes consent to monitoring for these purposes.

Information technology resources are a valuable Plaza College asset and, as such, must be managed correctly to ensure that they are trustworthy, secure, and available for use by faculty, staff, and students. Ensuring this is important to establish an information security policy and standard for managing and securing Plaza College’s resources.

The Information Technology Department (IT) Support does not intend to set or enforce restrictions contrary to Plaza College’s environment of trust and integrity. Instead, the IT Support department implements standards to protect Plaza College’s staff, faculty, and students from illegal or undesirable actions by individuals, both knowingly and unknowingly.

An effective security policy is a group effort that requires the involvement and support of all Plaza College employees. It is the responsibility of every user to know the standards outlined in this policy and act accordingly.

  • Purpose

This policy aims to inform users about the acceptable use of computer equipment and networks at Plaza College. This policy has been implemented to protect the staff, faculty, and students and prevent inappropriate use of computer equipment that may expose Plaza College to multiple risks, including viruses, network attacks, and various administrative and legal issues.

  • Scope

This security policy applies to all workstations, local area networks (Wired and Wireless), systems, servers, and software applications used on campus. It also applies to all Plaza College staff, faculty, and students. Note: All computer hardware and software, data, policies, and procedures are the property of Plaza College. All persons using the above are responsible for maintaining the security and confidentiality of this information.

Software Policy:

Unauthorized software duplication violates United States copyright laws and is a federal offense.

This policy intends to set forth Plaza College’s prohibition against unauthorized software duplication for all computers at Plaza College.  It covers, at minimum, employee—and company-owned personal computers.

This policy will deal only with the unauthorized duplication of software.  In certain instances, copying software is allowed.  This policy will not attempt to identify all cases where copying may be entitled.

The employee must be aware of any licensing agreements and copyright limitations of the software that the employee has obtained.

Plaza College will furnish copyright information regarding software that Plaza College has purchased.

Access:

Plaza College’s policy promotes secure and appropriate access to its applications and the systems and data used, processed, stored, maintained, or transmitted in and through those systems. This policy defines individuals’ responsibilities in promoting secure and appropriate access and applies to all college systems.

Statement of Policy

Plaza College’s policy is that its employees shall not engage in practices that violate software copyright license agreements, whether for business or personal use.

Responsibility for Compliance

The administrators are responsible for making this policy known to employees and ensuring compliance with the procedure.

Reporting Instances

Employees shall immediately notify their supervisor of any known or suspected copying that may violate the provisions of this Policy or Federal copyright laws.  Supervisors shall immediately inform the President of any reported violations.

As a statement of acknowledgment, each employee shall read and sign a non-duplication agreement with Plaza College.  Such understanding will inform the employee that unauthorized software duplication is illegal and may result in disciplinary action and potential legal recourse.  Additionally, it will make the employee aware of Plaza College’s Policy prohibiting unauthorized duplication.

The Policy

2.1. General Use and Ownership.

The Information Technology Department at Plaza College intends to provide a high level of privacy. All users should be aware that the data created on college systems is the property of Plaza College. However, the Information Technology Department cannot guarantee the confidentiality of any information stored on any device belonging to Plaza College.

All faculty, staff, and students are responsible for exercising good judgment regarding personal use frequency on Plaza College’s Systems. Each department is responsible for creating guidelines regarding the personal use of Plaza College’s systems. If there is any uncertainty regarding personal use, the employee or student should contact the Information Technology Department.

For security and network maintenance purposes, The Information Technology Department may monitor individual equipment, systems, and network traffic at any time. Plaza College reserves the right to audit networks and systems periodically to ensure compliance with this policy.

2.2. Security

Information residing on Plaza College systems and networks is confidential and private to Plaza College. Employees should take all necessary steps to prevent unauthorized access to this information.

Employees should keep their passwords private and never allow others to use their computer accounts. Users are responsible for the security of their passwords and accounts. Plaza College requires user-level password changes every three to six months.

Plaza College secures workstations and notebook computers with a password-protected screensaver with the automatic activation feature set to 10 minutes. Alternatively, users must log off when leaving their workstation unattended.

All computers connected to the Plaza College Network, whether owned by a student, employee, or Plaza College, must run approved anti-virus software with the latest virus updates. Staff, faculty, and students should exercise extreme care when opening email attachments, as they may contain a virus, malware, ransomware, or trojan horse.

Employees intending to post to a newsgroup, message board, or other public sites must include a disclaimer stating that the opinions expressed are entirely theirs and not those of Plaza College unless the posting is related to Plaza College Business.

Plaza College maintains the right to assess and monitor all electronic communication.

2.2.1 Multi-Factor Authentication (MFA)

Multi-factor authentication provides additional security to protected accounts, reducing the risks associated with account compromise, phishing, and unauthorized access. This policy establishes standards and requirements for the use of multi-factor authentication with online college accounts. Multi-factor Authentication is a layer of security added to any account, requiring extra information, a physical device to log in, and a password.

Staff, Faculty, and Students must have cellular telephone access to an SMS device or maintain a voice telephone number, a smart device with the Microsoft Authenticator app.  The following may be used for Azure AD Multi-Factor Authentication:

  • Microsoft Authenticator app

(smart device app download “MS Authenticator”)

  • FIDO2 security key
  • OATH software token
  • SMS (texting a code to be entered for verification)
  • Voice call (this can be cellular, hardline, or desktop telephone)

Multifactor authentication devices must be safeguarded and must not be shared with others. Lost or stolen devices should be reported immediately to the Information Technology department. Departments, divisions, and/or programs will be charged for replacement multifactor devices, not including personal devices such as cell phones.

The Information Technology department may consider exceptions to this policy due to technical limitations, system incompatibilities, or significant work disruption.

2.3. Prohibited Use

The following activities are strictly prohibited. Employees may be exempt from these restrictions during work (e.g., Information Technology Department staff may need to scan the network to troubleshoot performance issues). At no time is any Plaza College student or employee taking part in any illegal activity under local, state, federal, or international law while using Plaza College resources.

2.3.1. Systems and Networks.

The following are strictly prohibited without exception:

  • violating any individual or company’s rights protected by copyrights, patents, or any other similar law or regulation,
  • breaking the installation or distribution of software products not licensed for use by Plaza College,
  • making illegal copies of copyrighted material and the structure of copyrighted software for which Plaza College or the user does not have an active license,
  • install malicious programs on the Plaza College network or servers. (Viruses, worms, trojan horses, virus checkers, etc.),
  • revealing your user password to others or allowing others to make use of your account and
  • using Plaza College computers or peripherals in a way that violates sexual harassment or hostile workplace laws.
  • creating security breaches or disrupting network communication. These include but are not limited to accessing data the employee is not the intended recipient of and logging into an account or server the employee is not authorized to access. Disruption includes, but is not limited to, network sniffing, packet spoofing, denial of service, and forging routing information for malicious and harmful purposes,
  • the viewing, downloading, or transmitting of pornographic or any other offensive material is strictly prohibited. Such materials are considered offensive by many and will not be tolerated,
  • obtaining offensive or abusive material over the Internet or other networks.
  • incurring unauthorized network costs,
  • running port scanning or network scanning software is prohibited unless approved by the Information Technology Department,
  • using network monitoring software to intercept data not intended for the employee,
  • bypassing user authentication and security of workstations, servers, or networks,
  • Denying service or access to any user workstation or network networks through “denial of service” tools. This denial of services includes either local networks or external or internal networks, and
  • Provide user and network configuration information or any data belonging to Plaza College to outside individuals or groups.

2.3.2. Email and Communications.

Sending unsolicited email or fax messages or other materials or information to persons or groups that did not specifically request such materials. (e.g., spam emails.):

  • any form of harassment via email, telephone, faxing, or paging,
  • perpetrating fraud or harassment by email or similar means,
  • unauthorized use or forging of email header information,
  • creation or forwarding of chain letters, pyramid schemes, or other similar schemes, or
  • use of Plaza College’s network or systems to advertise other than for business related to Plaza College.
  1. Policy Enforcement

Any violations of the rules put forth in this policy may result in the following disciplinary actions by Plaza College:

  • Limiting a person’s access to some or all of Plaza College’s resources.
  • Initiation of disciplinary actions by Plaza College up to and including, but not limited to, termination of employment
  • Criminal prosecution under state and federal law

Acceptable Use Policy

  1.  Purpose

Plaza College’s computing resources support its educational, instructional, research, and administrative activities. Using these resources is a privilege extended to members of the Plaza community. As a user of these services and facilities, Plaza College provides access to valuable resources, sensitive data, and internal and external networks. Consequently, it would be best to behave responsibly, ethically, and legally.

Acceptable use generally means respecting other computer users’ rights, the integrity of the physical facilities, and all pertinent license and contractual agreements. If Plaza College finds an individual violates the Acceptable Use Policy, Plaza College will take disciplinary action, including the restriction and possible loss of network privileges. A serious violation could have severe consequences, including suspension or termination from Plaza College. Individuals are also subject to federal, state, and local laws governing many interactions on the Internet. These policies and regulations are subject to change as state and federal laws develop and change.

This document establishes specific requirements for using all computing and network resources at Plaza College.

  1.  Scope

This policy applies to all users of computing resources owned or managed by Plaza College. Individuals covered by the policy include (but are not limited to) Plaza faculty and visiting faculty, staff, students, alums, guests or agents of the administration, external individuals, and organizations accessing network services via Plaza’s computing facilities.

Computing resources include all Plaza College-owned, licensed, or managed hardware and software and use of the Plaza College network via a physical or wireless connection, regardless of the ownership of the computer or device connected to the network.

These policies apply to:

  • technology administered in individual departments,
  • the resources administered by central administrative departments (such as Plaza College Libraries and Computing and Information Services),
  • personally-owned computers and devices connected by wire or wireless to the campus network and
  • off-campus computers that connect remotely to Plaza College’s network services.

2.1   Your Rights and Responsibilities

As a member of the Plaza College community, Plaza College provides you with the use of educational or work-related tools, including access to the Library, computer systems, servers, software, and databases, to the campus telephone and voice mail systems, and the Internet. You have a reasonable expectation of unrestricted use of these tools, certain degrees of privacy (which may vary depending on whether you are a College employee or a matriculated student), and protection from abuse and intrusion by others sharing these resources. You can expect your right to access information and express your opinion to be protected as it is for paper and other non-electronic communication.

In turn, you are responsible for knowing the regulations and policies of Plaza College that apply to the appropriate use of Plaza College’s technologies and resources. You are responsible for exercising good judgment when using Plaza College’s technological and information resources. Just because an action is technically possible does not mean it is appropriate to perform it.

As a representative of the Plaza College community, Plaza College expects that you maintain respect in your electronic dealings with those outside Plaza College.

  1. Policy

3.1 Acceptable Use

You may only use the computers, computer accounts, and files you have authorization for.

You may not use another individual’s account or attempt to capture or guess other users’ passwords. [Computing Passwords Policy]

You are individually responsible for appropriately using all resources, including the computer, network address or port, software, and hardware. Therefore, you are accountable to Plaza College for all use of such resources. As an authorized Plaza College computer user, you may not enable unauthorized users to access the network using a Plaza computer or a personal computer connected to the Plaza network. [Network Connection Policy]

Plaza College binds its contractual and license agreements respecting third-party resources.  Plaza College expects you to comply with all such agreements when using such resources.

It would be best if you made a reasonable effort to protect your passwords and secure resources against unauthorized use or access. You must configure hardware and software to reasonably prevent unauthorized users from accessing Plaza’s network and computing resources.

You must not attempt to access restricted portions of the network, an operating system, security software, or other administrative applications without the system owner or administrator’s appropriate authorization.

You must comply with the policies and guidelines for any specific set of resources to which Plaza College grants access. When other policies are more stringent than another, the more stringent one takes precedence.

You must not use Plaza College computing and network resources in conjunction with the execution of the following:

  • programs,
  • software,
  • processes,
  • or automated transaction-based commands intended to disrupt (or that could reasonably expect to disrupt) other:
    • computer or network users, or
    • damage or
    • degrade performance,
    • software or
    • hardware components of a system.

On Plaza network or computing systems, do not use tools that are generally used to assess security or to attack computer systems or networks (e.g., password crackers,’ vulnerability scanners, network sniffers, etc.) unless you have been specifically authorized to do so by the CIS Information Security Group.

3.2 Fair Share of Resources

Computing and Information Services and other College departments that operate and maintain computers, network systems, and servers expect to maintain an acceptable level of performance and must ensure that frivolous, excessive, or inappropriate use of resources by one person or a few people does not degrade performance for others.

The campus network, computer clusters, mail servers, and other central computing resources are widely shared and limited, requiring that resources be utilized with consideration for others who also use them. Therefore, using automated processes to gain a technical advantage over others in the Plaza community is forbidden.

Plaza College sets limits on resource use through quotas, time limits, and other mechanisms to ensure that users have appropriate access to digital resources.

3.3 Adherence to Federal, State, and Local Laws

Plaza College expects you to uphold local ordinances and state and federal law. Some Plaza guidelines related to the use of technologies derived from that concern, including laws regarding license copyright and intellectual property protection.

As a user of Plaza’s computing and network resources, you must:

Abide by all federal, state, and local laws.

Abide by all applicable copyright laws and licenses. Plaza College has entered into legal agreements or contracts for many of our software and network resources, which require each individual to use them to comply with those agreements.

Observe the copyright law as it applies to music, videos, games, images, texts, and other media for personal use and electronic information production. The ease with which users may copy, modify, or send electronic materials through the Internet makes them extremely vulnerable to unauthorized access, invasion of privacy, and copyright infringement.

Do not use, copy, or distribute copyrighted works (including but not limited to Web page graphics, sound files, film clips, trademarks, software, and logos) unless you have a legal right to use, copy, distribute, or otherwise exploit the copyrighted work. Doing so may provide the basis for disciplinary action, civil litigation, and criminal prosecution.

3.4 Other Inappropriate Activities

Use Plaza’s computing facilities and services for those activities consistent with the educational, research, and public service mission of Plaza College. Other prohibited activities include:

Actions that would jeopardize Plaza College’s tax-exempt status

Use of Plaza’s computing services and facilities for political purposes

Use of Plaza’s computing services and facilities for personal economic gain

3.5 Privacy and Personal Rights

Plaza College expects users to respect networks and computing and the privacy and personal rights of others.

Do not access or copy another user’s email, data, programs, or files without permission from Plaza College’s Chief Information Officer.

Be professional and respectful when using computing systems to communicate with others. Using computing resources to libel, slander, or harass any other person is not allowed and could lead to Plaza College discipline and legal action by those who are the recipients of these actions.

While Plaza College does not generally monitor or limit the content of information transmitted on the campus network, it reserves the right to access and review such information under certain conditions. These include investigating performance deviations and system problems (with reasonable cause), determining if an individual violates this policy, or, as necessary, ensuring that Plaza is not subject to institutional misconduct claims.

Access to files on Plaza College-owned equipment or information will only be approved by specific personnel when there is a valid reason to access those files. Authority to access user files can only come from the Chief Information Security Officer in conjunction with requests or approvals from senior members of Plaza College, as found in the document Emergency Access to Accounts and Information. External law enforcement agencies and Plaza Public Safety may request access to files through valid subpoenas and other legally binding requests. The General Counsel must approve all such claims. Information obtained in this manner can be admissible in legal proceedings or a Plaza College hearing.

3.51 Privacy in Email

While Plaza College ensures many efforts toward email users’ privacy, this may not always be possible. Also, since Plaza College grants employees the use of electronic information systems and network services to conduct Plaza College business, there may be instances when Plaza College, based on approval from authorized officers, reserves and retains the right to access and inspect stored information without the user’s consent.

3.6 User Compliance

When you use College computing services and accept any College-issued computing accounts, you agree to comply with this and all other computing-related policies. You are responsible for keeping current on changes in the computing environment, as published, using College electronic and print publication mechanisms, and adapting to those changes as necessary.

NETWORK CONNECTION and SECURITY POLICY

1.0 Purpose

Plaza College designs this policy to protect the campus network and the Plaza community members from using it. This policy aims to define the standards for connecting computers, servers, or other devices to Plaza College’s network. Plaza College standardizes this policy to minimize the potential exposure to Plaza College and our community from damages (including financial, loss of work, and loss of data) that could result from computers and servers that are not configured or appropriately maintained and to ensure that devices on the network are not taking actions that could adversely affect network performance.

Plaza College must provide a secure network for our educational, research, instructional, and administrative needs and services. An unsecured computer on the network allows denial of service attacks, viruses, Trojans, and other compromises to enter Plaza College’s campus network, affecting many computers and the network’s integrity. These exploits’ damage could include losing sensitive and confidential data, interruption of network services, and damage to critical Plaza College internal systems. Departments that have experienced severe compromises have also experienced damage to their public image. Therefore, individuals who connect computers, servers, and other devices to the Plaza network must follow specific standards and take specific actions.

2.0 Scope

This policy applies to all members of the Plaza College community or visitors who have any device connected to the Plaza College network, including, but not limited to, desktop computers, laptops, servers, wireless computers, mobile devices, smartphones, specialized equipment, cameras, environmental control systems, and telephone system components. The policy also applies to anyone with systems outside the campus network that access the campus network and resources. The policy applies to Plaza College-owned computers (including those purchased with grant funds) and personally owned or leased computers connected to the Plaza network.

3.0 Policy

3.1 Appropriate Connection Methods

You may connect devices to the campus network at appropriate connectivity points, including voice/data jacks, through an approved wireless network access point, via a VPN or SSH tunnel, or through remote access mechanisms such as DSL, cable modems, and traditional modems over phone lines.

Modifications or extensions to the network can frequently cause undesired effects, including loss of connectivity. These effects are not always immediate, nor are they always located at the site of modifications. Thus, extending or modifying the Plaza network must be done within the Information Technology Department’s published guidelines. Information Technology will make exceptions for approved department personnel who demonstrate competence in managing the hardware, as mentioned above.

3.2 Network Registration

Users of the Plaza College networks may be required to authenticate when connecting a device to it. Users may also need to install an agent on their computers before they are allowed to access the network. The role of such an agent would be to audit the computer for compliance with security standards as defined in section 3.4 below.

The IT Department maintains a database of unique machine identification, network addresses, and owners to contact the computer’s owner when necessary. For example, the Department would contact the registered owner of a computer when their computer has been compromised and is launching a denial-of-service attack or a copyright violation notice is issued for the IP address used by that person.

3.3 Responsibility for Security

Every computer or device connected to the network, including a desktop computer, has an associated owner (e.g., a student with a personal computer) or caretaker (e.g., a staff member with a laptop in her office). For the sake of this policy, owners and caretakers are both referred to as owners.

Owners are responsible for ensuring that their machines meet the relevant security standards and manage the security of the equipment and the services that run on it. Some departments may assign computer security and maintenance responsibilities to the Departmental Computing Coordinator or the Departmental Systems Administrator. Therefore, one owner may manage multiple departmental machines plus their personal computer. Every owner should know who is responsible for maintaining their device (s).

3.4 Security Standards

These security standards apply to all devices connected to the Plaza College network through standard College ports, wireless services, and home and off-campus connections.

Owners must ensure that all computers and other devices capable of running anti-virus/anti-malware software have Plaza-licensed anti-virus software (or other appropriate virus protection products) installed and running. Owners should update definition files at least once per week. See the Information Technology Department’s Software Catalog for more information.

Computer owners must install the most recent security patches on the system as soon as practical or as directed by Information Security. Where machines remain unpatched, users should take other actions to secure the device appropriately.

Computer owners of computers that contain Plaza Restricted Information should apply extra protections. The Information Technology Department’s Information Security Group will provide consultations on request to computer owners who would like more information on further security measures. For instance, individuals maintaining files with Social Security information or other sensitive personal information should take extra care in managing their equipment and securing it appropriately.

3.5 Centrally-Provided Network-Based Services

The Information Technology Department, the central computing organization, is responsible for providing reliable network services for the entire campus. As such, individuals or departments may not run any service which disrupts or interferes with centrally-provided services. These services include but are not limited to email, DNS, DHCP, and Domain Registration. The Information Technology Department will make exceptions for approved personnel in departments who can demonstrate competence in managing the services mentioned above. Also, individuals or departments may not run any service or server that requests their Information Technology Department-maintained password.

3.6 Protection of the Network

  • the Information Technology Department uses multiple methods to protect the Plaza network:
  • monitoring for external intruders
  • scanning hosts on the network for suspicious anomalies
  • blocking harmful traffic

Plaza College monitors all network traffic using an intrusion detection system for signs of compromises. Connecting a computer to Plaza College’s network allows Plaza College to scan information on, to, and from your computer.

  • The Information Technology Department routinely scans the Plaza network for vulnerabilities. At times, more extensive testing may be necessary to detect and confirm the existence of vulnerabilities. By connecting to the network, you agree to have your computer or device scanned for possible vulnerabilities.
  • The Information Technology Department reserves the right to take necessary steps to contain security exposures to Plaza College and/or improper network traffic. The Information Technology Department will manage devices that exhibit the behaviors indicated below and allow regular traffic and central services to resume.
  • Imposing an exceptional load on a campus service
  • , showing network traffic that disrupts centrally provided services.
  • exhibiting a pattern of malicious network traffic associated with scanning or attacking others
  • , exhibiting behavior consistent with host compromise
  • The Information Technology Department reserves the right to restrict specific traffic entering and across the Plaza network.
  • The Information Technology Department restricts traffic that is known to damage the network or its hosts, such as NETBIOS.
  • Information Technology Department may also control other traffic types that consume too much network capacity, such as file-sharing traffic.

By connecting to the network, you acknowledge that a computer or device that exhibits any of the behaviors listed above violates this policy and will be removed from the network until it meets compliance standards.

COMPUTING PASSWORDS POLICY

  1. Introduction and Purpose

This policy describes Plaza College’s requirements for acceptable password selection and maintenance to maximize the password’s security and minimize its misuse or theft.

Passwords are the most frequently utilized form of authentication for accessing a computing resource. However, due to the use of weak passwords, the proliferation of automated password-cracking programs, and malicious hackers and spammers’ activity, they are often also the weakest link in securing data. Therefore, password use must adhere to the policy statement found below.

  1.  Scope

This policy applies to anyone accessing or utilizing Plaza College’s network or data. This use may include but is not limited to, the following: personal computers, laptops, Plaza-issued cell phones, and hand-held factor computing devices (e.g., PDAs, USB memory keys, electronic organizers), as well as Plaza electronic services, systems, and servers. This policy covers departmental resources as well as resources managed centrally.

  1.  Policy

All passwords (e.g., email, web, desktop computer, etc.) should be strong and follow the standards listed below. Generally, a password’s strength will increase with length, complexity, and frequency of changes.

More significant risks require a heightened level of protection. Plaza College encourages stronger passwords augmented with alternate security measures such as multi-factor authentication. High-risk systems include but are not limited to courses that provide access to critical or sensitive information, controlled access to shared data, a system or application with weaker security, and administrator accounts that maintain access to other accounts or provide access to security infrastructure.

Plaza College expects central and departmental account managers, data trustees, and security or system administrators to set an excellent example through consistent, sound security procedures.

All passwords must meet the following minimum standards, except where technically infeasible:

Be at least eight characters in length

  • Be at least eight characters in length,
  • contain at least one lowercase character,
  • include at least one number,
  • have at least one “special” character,
  • contain at least one uppercase character,
  • cannot include your first name, last name, or username, and
  • cannot match your previous three passwords.

To help prevent identity theft, personal or fiscally helpful information such as Social Security or credit card numbers must never be used as a user ID or a password.

All passwords should be treated as sensitive information and should, therefore, never be written down or stored online unless adequately secured.

Plaza College expects users to avoid inserting passwords into email messages or other electronic communication forms without the Information Technology – Security Department’s consent.

Plaza College expects passwords to be encrypted before being sent through transit, email, text, or other digital communication.

Plaza College expects that you avoid using the same password for access to its digital systems as those used externally or for personal websites (e.g., online banking, benefits, etc.).

Plaza College recommends changing passwords at least every three or six months.

Do not share individual passwords with administrative assistants or IT Support Department administrators. Necessary exceptions may be allowed with the written consent of ISG and must have a primary responsible contact person. Shared passwords used to protect network devices, shared folders, or files require a designated individual to be accountable for maintaining those passwords. That person will ensure that only appropriately authorized employees can access the passwords.

If you suspect a compromised password, it should be changed immediately, and the incident should be reported to the Plaza College Chief Information Officer.

Password cracking or guessing may be performed periodically or randomly by ISG or its delegates with the appropriate system administrator’s cooperation and support. If a password is guessed or cracked during one of these scans, the password owner must change it immediately.

Note: Consult the Strong Document Passwords for suggestions on forming hard-to-guess/easy-to-remember passwords.

3.1 Account Administration Standards

In addition to the general password guidelines listed above, the following apply to desktop administrator passwords.  Except where technically and administratively infeasible:

  • change passwords at least every three months.
  • guessing passwords is limited to ten incorrect guesses. Access should be locked for at least ten minutes unless a local system administrator intercedes.
  • failed attempts should be logged unless such action results in the display of a forgotten password. It is recommended that these logs be retained for a minimum of 30 days. Administrators should regularly inspect these logs, and any irregularities or compromises should be immediately reported to the Information Security Group.

3.2 Shared Accounts

In addition to the general password standards listed above, the following apply to server administrator passwords, except where technically and/or administratively infeasible:

Passwords for servers must be changed as personnel changes occur.

If an account or password is suspected to have been compromised, the incident must be reported to ISG, and potentially affected passwords must be changed immediately.

Where technically or administratively feasible, attempts to guess a password should be limited to ten incorrect guesses. Access should be locked for at least ten minutes unless a local system administrator intercedes.

Uniform responses should be provided for failed attempts, producing simple error messages such as “Access denied.” A standard response minimizes clues that could result from hacker attacks.

Failed attempts should be logged unless such action results in the display of the failed password. It is recommended that these logs be retained for a minimum of 30 days. Administrators should regularly inspect these logs, and any irregularities, such as suspected attacks, should be reported to the Information Security Group.

Note: Log files should never contain password information.

G SUITE FOR EDUCATION, TERMS OF SERVICE for USE OF

1.0 Purpose

This policy describes Plaza College’s terms of service for using the Google Workspace for Education service. Plaza provides email services to support the educational, administrative, and alums activities of Plaza College and to serve as a means of official communication by and between users and Plaza. Due to changes in Plaza’s email services, all Plaza community members now have their Plaza.edu mail accounts remotely hosted by Google. The purpose of these terms of service is to make the Plaza College community aware of specific obligations when utilizing the Google Workspace for Education service. Section 3.0 below will also be reviewed upon first accessing a Google-hosted account. This document was developed to ensure that this service remains available and reliable and is used for purposes appropriate to Plaza College’s mission.

2.0 Scope

This policy applies to all students, faculty, staff, and alums utilizing the Google Workspace for Education service.

3.0 Policy

To use Google’s services as provided to Plaza, all participants must be aware of, agree to, and adhere to the following:

When utilizing Google Workspace for Education services, Plaza College binds you to its Acceptable Use Policy.

Anyone in the Plaza College community utilizing Google Workspace for Education services must agree and adhere to the Google Terms of Service presented for review when creating your account.

Anyone in the Plaza College community utilizing Google Workspace for Education services must know that Google stores data in data centers outside the United State’s borders.

As stated in the Plaza College Acceptable Use Policy, anyone in the Plaza College community utilizing Google Workspace for Education services acknowledges that Plaza can monitor, use, or disclose their data. Google provides Plaza with the ability to do so. Any access to information stored on your account will follow the current College practice standards for emergency access found in the Emergency Access to Accounts and Information document.

Alumni using Google Workspace for Education services must also conform to the Alumni Acceptable Use Policy.

The Plaza College Help Desk supports anyone in the Plaza College community utilizing Google Workspace for Education services.

Anyone in the Plaza College community utilizing Google Workspace for Education services must acknowledge that Google can terminate their account if they fail to abide by the Google Terms of Service.

4.0 Of Special Note in the Google Terms of Service

Anyone in the Plaza College community utilizing Google Workspace for Education services agrees to Google’s Acceptable Use Policy, which states that you agree not to use the Google services provided to you:

  • to generate or facilitate unsolicited bulk commercial email;
  • to violate, or encourage the violation of, the legal rights of others;
  • for any unlawful, invasive, infringing, defamatory, or fraudulent purpose;
  • to intentionally distribute viruses, worms, Trojan horses, corrupted files, hoaxes, or other items of a destructive or deceptive nature;
  • to interfere with the use of the Services, or the equipment used to provide the Services, by customers, authorized resellers, or other authorized users;
  • to alter, disable, interfere with, or circumvent any aspect of the Services;
  • to test or reverse engineer the Services to find limitations, vulnerabilities, or evade filtering capabilities;
  • to use the Services, or a component of the Services, in a manner not authorized by Google.

5.0 Changes to this policy

Plaza College reserves the right to change this policy at any time. Plaza will post the most up-to-date version of the Policy on Plaza’s website and may, at its discretion, provide users with additional notice of significant changes. A user’s continued use of the service after any changes are published binds the user to the revised policy.

EMERGENCY MESSAGING (EMS) AND ALERT SYSTEM

Plaza College uses its EMS for campus-wide broadcasts for:

  • Situations determined to be imminent and requiring immediate action
  • Curtailed operations messages (sent to those enrolled on the Weather Alert list)
  • Messages relevant to essential campus operations or lack thereof
  • Testing

FREE SPEECH IN CYBERSPACE

Plaza College supports an environment of free speech. However, the administration is also responsible for protecting the rights of others in the Plaza College community.  Therefore, it is pertinent to maintain an atmosphere in which insults, obscenities, or harassing speech are prohibited.  For the protection of all constituents, Plaza College maintains the following guidelines:

  • Using or posting inappropriate statements is unacceptable
  • Broadcasting messages that could cause network congestion is prohibited
  • Performing unwanted communication in an intrusive manner is unacceptable
  • Users will utilize appropriate standards when using electronic systems to communicate

In conclusion, the administration and Information Technology department recommend common sense and discretion to all users in the Plaza College community. Accessing the Internet from campus computers is a privilege for Plaza College users. Users should appreciate the opportunity to utilize technology while exhibiting care and respect for all other users.

718-779-1430

118-33 Queens Boulevard
Forest Hills, NY 11375

© 2023 Plaza College. All Rights Reserved. Created By Lounge Lizard.