Computer and Network Usage

Recommended By
Administration and Finance
Approved
Ruben Armiñana, President
Issue Date
Tuesday, August 16, 2005
Current Issue Date
Tuesday, August 16, 2005
Effective Date
Tuesday, August 16, 2005
Contact Office
Information Technology
Policy number
2005-4
  1. Scope
    This policy and procedure applies to the use of university computers and the campus network.
  2. Purpose 
    The university must ensure that all computers and data contained therein are managed in a secure and cost effective manner. The university will engage in proactive information security planning and will prepare security incident response plans.
  3. Policy
    1. Computer Registration
      1. Information about all university computers must be registered with the SSU Information Technology department (SSU/IT). Registration information (outlined below) must be kept up-to-date. SSU/IT will approve or deny the ongoing operation of computers based on adherence and compliance to the minimum standards as specified by SSU/IT. An inventory of computers in use in each department will be presented to the VP or each division, and will be updated on a periodic basis.
      2. Information Required for Computer Registration:
        1. Purpose of Computer
          The purpose or function of the computer must be clearly defined.
        2. Department with Budgetary Responsibility 
           The department responsible for the computer must identify a budget to adequately provide for the ongoing operation of the computer. The budget must identify funds for hardware and software updates and refresh.
        3. System Administration 
          The name of the person who is responsible for system administration must be identified. If SSU/IT is responsible, then SSU/IT should be identified as the system administrator. System administrators must be able to demonstrate to SSU/IT that they have the knowledge required to properly manage computers. The administrator must implement SSU/IT-specified requirements and recommendations. The system administrator must have working knowledge of computer operating systems, security, port management, virus protection, and security patches. The system administrator will be required to respond to security alerts and coordinate operational outages.
           The system administrator’s job description must specify sufficient time to handle system administration responsibilities. Operating system updates, patches, virus protection issues, and security responses must be performed in a timely manner. Security responses often require immediate action of the system administrator.
        4. Security Incident Response Plan 
          As security intrusions can cause damage to the network and impact other computers, the system administrator will be required to prepare security incident response plans, which must identify how the system administrator will respond to security incidents in a timely manner.
        5. Backup Strategy
          The system administrator must develop a backup plan outlining how important information on each computer will be backed up. Computer backups must occur on a regular, ongoing basis. Backup plans must be tested to verify the data is accurately backed up, and can be restored when needed.
        6. Critical Data and Personal Confidential Information
          Computers with mission critical data and/or Personal Confidential Information (PCI) must be placed behind a managed firewall. The system administrator will provide the Information Security Officer (ISO) with details about mission critical data, PCI, and the computers containing this information.
          If PCI information will be stored on the computer, operation of the computer must be registered according to the campus PCI official policy. PCI must be transmitted in an encrypted form.
        7. Operating System Patch Management
          The current level of operating system patch must be registered.
        8. Virus protection patch level
          The current level of anti-virus patch must be registered.
        9. Serial Number and Media Access Control (MAC) Address
          The MAC address is a hardware address that uniquely identifies each computer.
        10. Model
          The make and model of the computer must be identified.
        11. Software Licenses
          Information about each piece of software must be registered to ensure legal adherence to copyright protection.
        12. Additional information may be required as needed
    2. Network Connections
      1. Sonoma State University maintains a campus-wide data network designed to support communications for computers in all campus departments. The Network & Telecommunication Services (NTS) department is responsible for the installation and operation of the campus network and for the campus connections to regional and national networks via the Internet.
      2. Approval from the Director of Network & Telecommunication Services (NTS) must be obtained before any equipment, including wireless devices, hubs, bridges, switches, and/or routers are connected to the campus network.

Updated August 16, 2005 by SSU.policies@sonoma.edu