I. Active Directory Membership
All Pittsburg State University computing devices purchased with university funding or whose support and maintenance is the responsibility of university technicians and that is capable of being placed in Active Directory (AD) shall be placed in the PITTSTATE.EDU Active Directory Domain using the university’s central domain controllers – currently named dc1.pittstate.edu and dc2.pittstate.edu. In addition, all Apple devices meeting these same criteria that are capable of being enrolled with a MAC server, shall be enrolled with the university’s central MAC server – currently named ois-apple-svr.pittstate.edu.
II. Naming Conventions
Purpose
Provide a naming convention for all units within Pittsburg State University’s Active Directory that uniquely identifies workstations, servers, users, groups, organizational units (OUs), Group Policy Objects (GPOs) and distribution lists. PSU has thousands of objects that provide information and act as resources to many departments. The only possible way to ensure AD can be used effectively is to enforce naming standards. Aside from avoiding name collisions, naming standards will allow users and administrators to efficiently search through thousands of objects and locate their resources and data.
User Account Names
AD user accounts have account names and distinguished names that identify them within Active Directory. The user account name shall be identical to the email address prefix assigned to the client and shall adhere the naming convention previously established for email address prefixes.
Computer Names
It is recommended that when naming a computer object that you follow the guidelines below.
How do we name our client machines?
Example: SSLS-asagehorn
How do we name our lab/kiosk workstations?
Dept-LabID-Sequence
Example: Const-Lab302-1
Printer Names:
It is recommended that when naming a printer object you follow the guidelines below.
How do we name our printers?
Dept-Location-PrinterType
Example: OIS-KC158-Copier
Group Policy:
ITS – in cooperation with the appropriate technicians across campus – will work to develop and deploy group policy templates that will be used to enable “best practice” configurations for computer workstations, lab computers, and other applicable computing devices.
Distributed Administration:
ITS will delegate certain administrative permissions within active directory to campus technicians as needed to permit effective support of the devices in their areas of responsibility.
III. Storage Policy
a. Purpose
The intent of this policy is to encourage responsible use and management of the enterprise storage services provided by PSU servers.
b. Policy
Each user and department will receive an initial allocation of enterprise class storage (P drive space) as outlined in the table below. Only legitimately work-related files are appropriate consumers of the dollars required to provide enterprise class storage. Summary reports are available showing total consumption by each user and department folder. Additional reports provide aggregate totals by file type for the entire storage pool. Individuals or departments may be contacted to gather information and discuss storage requirements if unusual growth patterns are present. If needed, technical assistance can be provided to relocate items to alternative hard drive or optical storage media.
c. Initial Allocations
All enterprise storage consumers are allocated storage by default as follows:
Group Status |
Allocation |
Departmental |
15 Gb |
Working Groups |
10 Gb |
Users |
5 Gb |
The amount of unused storage will appear as “free space” when viewing the contents of “P” drive or department folders. The computer cannot allocate additional enterprise storage space when the amount of reported free space reaches zero.
Some users, departments, or working groups may have legitimate need for additional storage in order to perform their job function. To request an increase please contact the Gorilla Geeks (x4600) to create a support ticket explaining the space problem being encountered. The requestor should detail the amount of additional space they estimate will be needed, and provide information about the intended use for the increased storage requested. OIS storage experts will process each request and may contact the requestor for additional information or to offer alternative suggestions if appropriate.
d. Notification
Each evening the storage system will review disk storage for each user, department, and working group. Automatically generated emails will be sent to each user whose reported free space is at or below 15%.
e. Review
This policy will be reviewed annually – more often if technological developments warrant.
________________________________________________________________________
Responsible Office: Information Technology Services
Approved by Information Technology Council: May 16, 2013
Approved by President’s Council: May 20, 2013
Effective Date: May 20, 2013
Review Cycle: Annual
Pittsburg State University acknowledges and upholds federal and state copyright laws. Copyright protection exist for documents and information distributed and shared via the Internet. Pittsburg State University accepts the copyright guidelines outlined in the Digital Millennium Copyright Act (DMCA). PSU is an "online service provider" to the campus community and takes these responsibilities seriously. Pittsburg State University's students, faculty and staff must adhere to ethical copyright practices.
Termination Policy for Violation of Copyright
Pittsburg State University is an "online service provider" as defined by the Digital Millennium Copyright Act (DMCA) [Public Law 105-304].
Responsibility: Users of the Internet services of Pittsburg State University are responsible for compliance with all copyright laws pertaining to information and files they place, distribute, and receive on the Internet using University facilities.
Termination of privileges: Use of the University's online services will be terminated for anyone who violates the copyright provisions of the United States Code on the third notice of violation by the University when the University is able to discern the identity of the person who committed the violations.
Designated Agent: The Pittsburg State University "Designated Agent", as provided for by the DMCA, for notification of possible violations of copyright is:
Jamie L. Brooksher
General Counsel
Pittsburg State University
1701 S. Broadway
Pittsburg, KS 66762-5880
Voice: 620-235-4136
Fax: 620-235-4080
E-mail: jbrooksh@pittstate.edu
Elements of Notification: A notification of claimed infringement must be a written communication provided to the designated agent of a service provider that includes substantially the following:
Take Down: To the extent reasonably possible, Pittsburg State University will expeditiously remove and/or block access to material posted by a user upon notice of infringement of copyright provided to the Designated Agent by the United States Copyright Office.
Notice: If Pittsburg State University can reasonably discern the identity of the person responsible for the violation, that person will be promptly notified by the Designated Agent and will be provided with the following information:
Put Back: If the individual receiving notice of improper use believes that the material in question is being used lawfully, a "counter notice" should be provided to the Designated Agent and Pittsburg State University will restore access within 14 days of the counter notice, unless the matter has been referred to a court. The Counter Notice must contain the following:
Privacy Rules: Under the DMCA, Pittsburg State University may be obligated to provide names of individuals using its online services upon the order of a Federal court. The University will safeguard the privacy of a user's identity on the Internet to the full extent of the law.
Circumvention of Protection Technologies: The DMCA prohibits the "circumvention" of any effective "technological protection measure" (e.g., a password or a form of encryption) used by a copyright holder to restrict access to its material.
Further Information: Questions about compliance with the DMCA at Pittsburg State University may be addressed to the Designated Agent listed above.
Pittsburg State University
Data Classification, Access and Information Protection Policy
Purpose
Data and information are important assets of Pittsburg State University (PSU) and must be protected
from loss of integrity, confidentiality, or availability in compliance with university policy and guidelines, Board of Regents policy, and state and federal laws and regulations.
Scope
This policy applies to all university colleges, departments, administrative units, and affiliated
organizations. For the purposes of this policy, affiliated organization refers to any organization that
uses university information technology resources to create, access, store, or manage University Data. For third party vendors who create, store, or maintain University Data per a contractual agreement, the agreement should include language specifying how, and to what extent the vendor is to comply with this policy.
Policy
All University Data must be classified according to the PSU Data Classification Schema. It must be
accessed with the appropriate level of permission according to PSU’s Roles and Responsibilities, and
protected according to PSU’s Security Standards. This policy applies to electronic data in all formats
and media.
Data Classification Schema
Data and information assets are classified according to the risks associated with data being stored or
processed. Data with the highest risk need the greatest level of protection to prevent compromise;
data with lower risk require proportionately less protection. Three levels of data classification will be
used to classify University Data based on how the data are used, its sensitivity to unauthorized
disclosure, and requirements imposed by external agencies. Unless otherwise indicated, Non-Public is
the default classification for data.
Level I Public (Low Sensitivity) – Data which are of interest to the general public and for which
there is no University business need or legal reason to limit access. Public data may be made
available to the general public in printed or electronic format. Anyone in the general public
may view these data using such public sources. Examples of public data include but are not
limited to:
Level II Non-Public (Moderate Sensitivity) – Data held by the University for operational,
educational, and/or other purposes, which are not appropriate and/or readily available for
general public use. Non-public data will be available to authorized University employees for
inquiry/download only in support of the performance of their assigned roles/duties. Non-public
data may be released to individuals or groups outside of the University community only with
approval from the appropriate Data Steward, Records Custodian, or as required by law.
Examples of non-public data include but are not limited to:
Level III Confidential (High Sensitivity) – Highly sensitive data intended for limited, specific use
by a workgroup, department, or individuals with a legitimate need-to-know. Explicit
authorization by the Data Steward is required for access because of legal, contractual, privacy
or other constraints. Examples of confidential data include but are not limited to:
Personal Identity Information (PII) - An individual's name (first name and last name, or
first initial and last name) in combination with one or more of the following: a) Social
security number, b) driver's license number or state identification card number, or c)
financial account number, or credit or debit card number, alone or in combination with
any required security code, access code or password that would permit access to a
consumer's financial account.
Roles and Responsibilities
Everyone (employees, temporary employees, student employees, volunteers) with any level of access to University Data has the responsibility to protect that information from unauthorized access,
modification, destruction, or disclosure, whether accidental or intentional. The following roles have
specific responsibilities for protecting and managing University Data.
Any suspected loss, unauthorized access, or exposure of University Data classified as Non-Public or
Confidential must be immediately reported to the Information Security Officer, security@pittstate.edu
or 620-235-4657.
Electronic Record Retention Schedule
Pittsburg State University follows the State of Kansas record retention schedules. Schedules are
available at the following link under the heading "State General Schedule":
http://kshs.org/recmgmt/retention_schedule_entries/browse
State Resources in regard to record retention schedule language and definitions:
Government Records Preservation Act:
http://www.kslegislature.org/li/b2013_14/statute/045_000_0000_chapter/045_004_0000_article/045_004_0002_section/045_004_0002_k/
State Records Management Manual: http://www.kshs.org/p/state-records-anagementmanual/11365
Electronic Records Guidance: http://www.kshs.org/p/electronic-records/11334
Legal Hold
Retention procedures will be suspended when a record is placed on legal hold. A legal hold requires
preservation of appropriate records under special circumstances, such as litigation or government
investigations.
Records Management
Data Classification Committee
Members must include at a minimum:
Responsibilities
University Data
University Data is information created, collected, maintained, transmitted, or recorded by or for the
university to conduct university business. It includes data used for planning, managing, operating,
controlling, or auditing university functions, operations, and mission.
________________________________________________________________________
Responsible Office: Office of Information Services
Revision Approved by Information Technology Council: 6/3/15
Revision Approved by President’s Council: 8/21/15
Original Effective Date: 8/21/15
Review Cycle: Annual
Illegal Peer to Peer File Sharing
Pittsburg State University maintains network services for students and employees in the University community to utilize in order to further the mission of the University.
PSU is required by Federal Law (H.R. 4137, Higher Education Opportunity Act - HEOA) to make an annual disclosure informing network users that illegal sharing, distribution, and/or downloading of copyrighted materials may lead to civil and/or criminal penalties. Pittsburg State University takes the responsibility of following this law seriously. Therefore, the following information is provided to help the PSU community avoid breaking this law.
Copyright protection subsists, in accordance with this title, in original works of authorship fixed in any tangible medium of expression, now known or later developed, from which they can be perceived, reproduced, or otherwise communicated, either directly or with the aid of a machine or device. Works of authorship include the following categories:
(1) literary works;
(2) musical works, including any accompanying words;
(3) dramatic works, including any accompanying music;
(4) pantomimes and choreographic works;
(5) pictorial, graphic, and sculptural works;
(6) motion pictures and other audiovisual works;
(7) sound recordings; and
(8) architectural works.
In no case does copyright protection for an original work of authorship extend to any idea, procedure, process, system, method of operation, concept, principle, or discovery, regardless of the form in which it is described, explained, illustrated, or embodied in such work.
Therefore illegal downloading, copying, distribution, or use of games, software, music, movies, or any other digital media is considered a violation of this law.
PSU uses a variety of tools to deter such activity on campus, including:
-Bandwidth management devices
-Switch management protocols
What are the consequences of Illegal Peer to Peer File Sharing?
-PSU penalties: Use of the University's online services will be terminated for anyone who violates the copyright provisions of the United States Code on the third notice of violation by the University.
-Federal penalties:
There are a host of legal alternatives for downloading music, movies, software, and games. Below you will find a variety of links that could be used for such downloads:
-iTunes - Movies, Music, Audio Books: www.apple.com/itunes/
-Amazon - Music, Audio Books: https://www.amazon.com/MP3-Music-Download/
-Rhapsody - Music by Yahoo: www.rhapsody.com
-Napster - Music by Best Buy: www.napster.com
-7 Digital - Music: us.7digital.com
-Last FM- Streaming music and video: http://www.last.fm
-Pandora - Streaming Radio: www.pandora.com
-Netflix - Streaming Movies/TV: www.netflix.com
-Audible - Audio book downloads: www.audible.com
-Hulu - Television: www.hulu.com
-Many major Networks allow various programming to be streamed at no cost.
Department of Education website:
http://www2.ed.gov/policy/highered/leg/hea08/index.html
Govtracks.us website:
http://www.govtrack.us/congress/bill.xpd?bill=h110-4137
US Government Copyright website:
http://www.copyright.gov/title17
Pittsburg State University Copyright Policy:
Policy Purpose:
The Pittsburg State University Information Technology (IT) Lifecycle Policy
was developed to ensure the security of campus data and of campus
network services, as well as provide for satisfactory and efficient client IT
experiences.
To ensure perspectives from various areas of campus, the policy was
developed by the IT Lifecycle Committee, which is made up of 10 diverse
campus stakeholders.
Information Technology Lifecycle Committee Purpose:
The IT Lifecycle Committee was formed at the request of the Information
Technology Counsel (ITC) to develop a policy that would guide those who
manage and purchase campus technology. The goal of the policy is to
ensure the security of campus data and of campus network services, as well
as provide for satisfactory and efficient client IT experiences. The IT
Lifecycles Committee reviews all submitted IT Lifecycle Exception requests.
Exceptions to the above policy are considered in isolated circumstances.
To request an exception please complete the IT Lifecycle Exception Form
and send it to ITLifecycleException@pittstate.edu for consideration.
Membership Structure of the IT Lifecycle Committee:
• 2- Academic Tech Representation
• Support Tech Representation
• Purchasing Officer Representation
• 2-Academic Chair Representation
• Library Representation
• IT Security Officer
• Help Desk and IT Training Representation
• Chief Information Officer
IT Lifecycles Policy:
End Of Life:
Recommended Best Practices:
• Hardware/Software Replacement Plan: It is recommended that all
University departments have a written plan for updating IT resources
(hardware, software, peripherals, etc.) and aligning those updates to
budgeted funds. (Note: Industry standards indicate that updating
computer hardware every 3-4 years is current industry best practice.)
• Waterfalling Hardware: After hardware is replaced with new
hardware. The old hardware should be considered for other uses as
well as for permanent disposal. Things to consider are the age,
performance, and efficiency of the hardware as well as the computer
technician to hardware ratio in your respective area.
• Peripheral Devices: It is often difficult, and not fiscally responsible, to
replace peripheral devices (printers, projectors, monitors, keyboards,
mice, etc) as often as computer hardware and software at EOL of the
product. It is recommended to consider the replacement and
maintenance of these items carefully. It may be more efficient to
allow older peripherals to remain in place until they no longer
function with a backup plan in place when/if the device no longer
functions.
• Bulk IT Purchases: It is recommended that departments plan for
purchasing carefully and pool large IT purchases at the same time to
ensure price breaks. The coordination of bulk IT purchasing takes
place through the Office of Information Services (OIS) in July,
December, and May of each fiscal year. Additional bulk purchasing
times can be arranged by contacting the Chief Information Officer.
Developed by the IT Lifecycle Policy Committee: April 19, 2017
Adopted by Information Technology Council: April 20, 2017
Approved by President’s Council: June 19, 2017
Policy is reviewed annually by The Information Technology Lifecycle Committee
Mr. BulkE
Mr. BulkE is a bulk email process that allows distribution of email messages to identifiable groups. Use it to send email notices to groups on campus with a few clicks of the keyboard. One word of caution, this system is not intended for the distribution of spam (junk email). Please use the system to enhance communication on campus and not bog it down.
What is Mr. BulkE?
Mr. BulkE is a system that allows for the delivery of bulk email to large and small groups on campus. Mr. BulkE's advantages are that it:
Currently Mr. BulkE is divided into several categories: Mr. BulkE Campus, Mr. BulkE Rosters, Mr. BulkE Majors/Minors, Mr. BulkE Schools, Mr. BulkE Advisees, and Mr. BulkE Special Groups.
Mr. BulkE Campus allows designated personnel in a department and other key staff to email messages to the campus at-large and groups identified below:
All Unclassified and Classified Employees
Unclassified - regular (includes temp, exempt, non-exempt & 12 month)
Unclassified - temp
Unclassified - exempt
Unclassified - non-exempt
Unclassified - 12 monthClassified - regular (includes temp, exempt & non-exempt)
Classified - temp
Classified - exempt
Classified - non-exempt
Teaching Faculty
KNEA Unit
Deans, Directors & Chairs
Deans, Directors, Chairs and Contact Person
Timekeepers
Deans, Directors and Chairs - President's Office
Deans, Directors and Chairs - Academic Affairs
Deans, Directors and Chairs - University Advancement
Deans, Directors and Chairs - Administration and Campus Life
Deans, Directors, Chairs, Contact Persons - President's Office
Deans, Directors, Chairs, Contact Persons - Academic Affairs
Deans, Directors, Chairs, Contact Persons - University Advancement
Deans, Directors, Chairs, Contact Persons - Administration and Campus Life
Mr. BulkE Rosters is an email delivery system that allows a faculty member to email students who are enrolled in one of that faculty member's classes. Faculty and other teaching staff can access Mr. BulkE Rosters via GUS. Each course they are teaching will be listed with links to each respective course roster. Students can be emailed individually or as a group.
Mr. BulkE Majors/Minors is a system that allows designated personnel in a department to contact all students in a given major or minor. This system is based on a student's declared major/minor and is maintained dynamically by the student information system for enrollment. Mr. BulkE Majors/Minor is available to vice-presidents, deans, major department chairs, and designated personnel in a department.
Mr. BulkE Schools is a system that allows designated personnel to contact all students in a given school. This system is based on a student's declared major and is maintained dynamically by the student information system for enrollment. Mr. BulkE Schools is available to vice-presidents, deans, department chairs and designated personnel in a department.
Mr. BulkE Advisees is an email delivery system that allows an advisor to email one or more of the currently enrolled students who are listed as advisees. Mr. BulkE Advisees is available to chairs, advisors and designated personnel in the department.
Mr. BulkE Special Groups has a number of options, but is primarily used for self-selected lists of people (Mr. BulkE Savelists), special subgroups of campus students (i.e., all honors college students or all students living in university housing), and all currently enrolled students. Mr. BulkE Savelists is limited to select individuals who are able to create their own self-selected lists. Please contact ITS if you have a need for this type of service. Mr. BulkE for special subgroups is only available to the office or person who is directly in charge of that group (i.e., housing office for housing students). Mr. BulkE for all students is limited to these individuals: Administrative Specialist for the Registrar, Office of Associate VP for
Campus Life, Director for Public Relations, Office of Enrollment Management and Student Success, Office of Provost and Academic VP, and Associate Director for Information Services. If you have a need to email a special subgroup, please contact the person in charge of that group. If you have a need to email the entire enrolled student body, please contact one of the above listed persons.
What's the policy on using Mr. BulkE?
Mr. BulkE is intended for the distribution of campus information and should be short and to the point. Below are some examples of messages that Mr. BulkE is NOT intended to broadcast:
Bounced Messages
Mr. BulkE messages are sometimes bounced. Bounces can occur for any number of reasons, including a bad email address, the receiving system being down, or the recipients inbox being full (quota problems). You might expect 5 - 10% of the emails sent via Mr. BulkE to students to bounce for some reason. This means that if you send out a Mr. BulkE to 1,000 currently enrolled students, you might expect to receive 50 to 100 bounces. This number goes down when you are emailing faculty and staff, as the email addresses are more likely to be correct and quotas are less likely to be full. This number goes up when you are emailing prospective students, who, as yet, have not established a direct contact with PSU.
Receiving an excessive number of bounces may result in your own email account becoming "over quota", and as a result, other incoming messages to your account may not be received. The email quota for individuals who send Mr. BulkE emails has been increased, but a large number of bounces could still be a problem. In order to minimize this, please be sure to use the following suggestions:
Email Addresses
Current university policies and procedures for changing and/or deleting regular mailing addresses should be used for email addresses. These policies and procedures include:
Helpful Suggestions
Mr. BulkE is best used for short messages. These messages may point to a web page which contains more detailed information if necessary.
Mr. BulkE messages can contain links to web pages and email (use the format http://xxxxx.xxx/xxx.html or and, replace the x's with a web page or email address).
Who can use Mr. BulkE?
Mr. BulkE and Mr. BulkE Majors are designed for departmental contact people and other key information distribution points. Designated departmental contact people have access to Mr. BulkE through the GUS system. Mr. BulkE Rosters is designed for campus personnel teaching classes. Individual instructors have access to only those courses that they are currently teaching.
How do I use Mr. BulkE?
Mr. BulkE is available to approved individuals via the GUS system on the PSU homepage.
How can I reach all of the people on campus?
Since Mr. BulkE's intent is to reduce spam (electronic junk mail), users are encouraged to send messages only to the target group. If a message needs to be sent to the campus at-large, then we suggest:
Cautions
Please keep in mind that email is not guaranteed and receipt of messages may be delayed since the message could take some time to deliver. Any time sensitive material should probably not be sent via Mr. BulkE or if sent, should be sent well ahead of the event. DO NOT RELY ON MR. BULKE FOR EMERGENCY COMMUNICATIONS.
What happens if I abuse my Mr. BulkE privileges?
Your privileges may be revoked.
Multi-Factor Authentication Policy
(Definition in Addendum)
Purpose
The purpose of this policy is to define the use of multi-factor authentication (MFA) for accessing Pittsburg State University (PSU) computer systems containing sensitive data from both on and off campus. The standards set forth in this policy are intended to minimize potential security risks which may result from unauthorized use of PSU computing resources. MFA adds a layer of security which helps deter the use of compromised credentials.
Applies to
This policy applies to all PSU faculty, staff and affiliate users. Graduate assistants and student hourly employees may be required to use MFA based on job requirements.
This policy applies to any system that requires an additional layer of protection as determined by Information Technology Services (ITS) in collaboration with campus data stewards. Systems requiring multi-factor authentication include those supported by ITS as well as systems administered by non-centralized departmental IT staff. Systems requiring the use of MFA include, but are not limited to, virtual private network (VPN), systems utilizing Single Sign-On (SSO), PSU applications/systems that contain sensitive data, system administration tools, and privileged accounts.
Policy Statement
All users must use MFA to access PSU computing resources that require MFA. If users do not use MFA, they will not be able to access these computing resources.
ITS will regularly evaluate and prioritize applications requiring MFA, to enhance the protection of institutional data and personal information.
Consequences
Any individual who violates this policy may lose computer and/or network access privileges and may be subject to remediation and/or disciplinary action in accordance with and subject to appropriate University policy and procedures.
Responsible Office: Information Technology Services
Approved by Information Technology Council: 05.01.20
Approved by President’s Council: 05.15.20
Original Effective Date: TBD
Review Cycle: Annual
Multi-Factor Authentication Policy Addendum
The State of Kansas Defines Multi-Factor Authentication as follows:
A method of confirming a User’s claimed identity in which access is granted only after successfully presenting two or more different pieces of evidence (factors) to an authentication mechanism. Factors include knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).
Networked Systems Policy
To provide maximum uninterrupted service, effective use and security of campus bandwidth and maximum availability of all network services the Information Technology Services (ITS) has established the following policy.
Definitions: Device - Any computer or telecommunications equipment. Service - Any program or software that is intended to publicly deliver and/or receive data from network users. PSU network - All connections on the PSU campus that connect to the administrative, academic, library or Internet services. This includes services on campus and via the KANREN Internet connection.
Questions regarding the meaning or interpretation of the provisions of this policy and subsequent binding agreements may be directed to University's Chief Information Officer.
Policy Name: Password Policy
Policy Purpose: The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of password changes.
Scope: The scope of this policy includes:
1) All personnel who are responsible for an account (or any form of access that supports or requires a password) on any system that resides at any Pittsburg State University facility
2) All individuals who have access to the PSU network, and
3) All systems (where enforcement is possible) that store any non-public PSU information.
General Policy Provisions
Passwords are an essential aspect of computer security, providing important front-line protection for electronic resources by preventing unauthorized access. Passwords help the University limit unauthorized or inappropriate access to various resources at PSU, including user-level accounts, web accounts, email accounts, screen saver protection, and local switch logins.
A poorly chosen password may result in the compromise of University systems, data, or network. Therefore, ALL PSU students, faculty, and staff are responsible for taking the appropriate steps, as outlined below, to select appropriate passwords and protect them. Contractors, vendors, and affiliated organizations with access to University systems also are expected to observe these requirements.
A department and/or system administrator may implement a more restrictive policy on local systems where deemed appropriate or necessary for the security of electronic information resources. Information Technology Services (ITS) can require a more restrictive policy in protection of confidential data.
Password Creation
Passwords created by users of University systems, and on systems where technology makes enforcement possible, must conform to the following guidelines:
These provisions will be enforced electronically whenever possible.
Changing Passwords
Protecting Passwords
Sharing Passwords
Group Accounts
Group accounts are ID’s and passwords that are shared between a specific group of people. Group accounts are strongly discouraged and only allowed when other alternatives are not feasible. When group accounts are necessary, then strong account protection is required. The following ITS mandated protections apply:
Reporting Password Compromises
Suspected compromises of passwords must be reported immediately to the IT Security Officer, extension 4657, ITSecurity@pittsate.edu ; or the Gorilla Geeks, extension 4600, geeks@pittstate.edu.
The password in question should be changed immediately.
ITS Responsibilities
Consequences
Any individual who violates this policy may lose computer and/or network access privileges and may be subject to remediation and/or disciplinary action in accordance with and subject to appropriate University policy and procedures.
Responsible Office: Information Technology Services
Approved by Information Technology Council: November 19, 2019
Original Effective Date: January 1, 2006
Review Cycle: Annual
Pittsburg State University
Acceptable Use Policy
Introduction
This policy outlines the expectations for the use of information technology resources at Pittsburg State University. This policy applies to faculty, staff, students, official university affiliates, and any other individuals who use University information technology resources. Appropriate use should always be legal and ethical, reflect academic honesty and community standards, and show restraint in the consumption of shared resources. It should demonstrate respect for intellectual property; ownership of data; system security mechanisms; and individual’s rights to privacy, freedom of speech, and freedom from intimidation, and harassment.
User Responsibilities
Users of electronic systems have the following responsibilities:
Please see:
Please see: Password Policy (as listed above):
If you have questions please contact the OIS Gorilla Geeks Help Desk: Phone: 620.235.4600 Email: geeks@pittstate.edu
User Privacy
University information technology resources are state-owned and maintained. University users have a heightened responsibility to properly use information technology resources. Pittsburg State University supports a climate of trust and respect. Nonetheless, users should be aware that on occasion legitimate activities of technical staff may lead to situations where specific information could be reviewed as part of routine problem resolution procedures. The University, therefore, cannot guarantee the personal confidentiality, privacy, or security of data, email, or other information transmitted or stored on its network. When University officials believe a user may be using information technology resources in a way that may violate University or Regents policies or local, state or federal law, or the user is engaged in activities inconsistent with the user’s University responsibilities, then technical staff may be requested to monitor the activities and inspect and record the files of such user(s) on their computers and networks, including word processing equipment, personal computers, workstations, mainframes, minicomputers, and associated peripherals and software.
User Abuse/Abuse of Policy
All users and units have the responsibility to report any discovered unauthorized access attempts or other improper usage of PSU information resources. If you observe, or have reported to you, a security or abuse problem with any University information resource, including violations of this policy, please email abuse@pittstate.edu and an administrative response to such incidents will be coordinated. In addition, you may utilize the following University Whistleblower Policy to report such incidents: https://www.pittstate.edu/president/policies/
Reports of all apparent IT policy violations will be forwarded by the PSU IT Security Officer to the CIO for disposition according to standard procedures and University policies on violation of policy.
Use of University information technology resources contrary to this policy, University policies, or applicable federal, state or local law is prohibited and may subject the user to disciplinary action including, but not limited to, suspension of the users access to the information technology resources. Users also should be aware of other possible consequences under University policies and federal, state, or local laws, particularly those related to computer crime and copyright violation. Additionally, students could be subject to disciplinary action under the Code of Student Rights and Responsibilities: https://studentlife.pittstate.edu/code-of-student-rights-and-responsiblities.html.
Policy Name: Virtual Private Network (VPN) Services.
Policy Purpose: This policy outlines the purpose and approved use of PSU VPN Services
Scope: This policy applies to all faculty, staff, and consultants using VPN Services at PSU.
General Policy Provisions
In an effort to increase the security of information technology (IT) systems at PSU, the
Information Technology Services (ITS) has limited access to some computing resources. The
VPN is designed to provide secure/encrypted access to computing resources on the PSU
network. It allows, among other things, a method to connect to PSU computing resources as if
the user were locally connected to the PSU network. This allows greater functionality and
security than other remote access techniques. Users should be aware that routing schemes,
network configurations, and security measures can be changed without notice by ITS or by the
user's internet service provider (ISP) that may affect the user's ability to do specific functions
with the VPN.
Use of the VPN service at PSU is a privilege, which comes with responsibilities for both
departments and users. All other policies covering the use of PSU computing resources by
authorized users are still in effect when they are accessed from remote locations, as are all
regulations (e.g., HIPAA and FERPA) which protect the confidentiality and integrity of
information entrusted to PSU's stewardship. Do not assume the confidentiality of information
traveling through the VPN.
VPN Accounts
•As with all PSU information technology resources, clients using VPN must follow the PSU
Acceptable Use Policy found at the following link.
•VPN access is for users (faculty, staff, and consultants) who need access to campus computing
resources that are not available from off campus networks.
• User accounts are created at the request of a departmental representative or the employee's
supervisor. The employee must read and accept the conditions of this policy before using the
VPN.
• VPN access for third parties (e.g., software consultants and support personnel) to support on
campus systems must be requested by a PSU employee. In addition, the third party must
complete and sign a nondisclosure agreement if required by PSU.
• VPN access can be terminated by a departmental representative, the employee's supervisor,
at the employee's request, or by ITS.
ITS Responsibilities
• VPN access to PSU computing resources will be set up and managed only by the ITS Network
and Systems group. No other department may implement VPN services.
• ITS reserves the right to monitor for unauthorized VPNs and disable access of those devices
performing non-sanctioned VPN service.
• All network activity during a VPN session is subject to PSU computing policies and may be
monitored for compliance.
• ITS will provide the VPN client software and instructions for installing the software.
User Responsibilities
• By using the VPN with personal equipment, users must understand that while they are
connected through VPN, their computers become an extension of the PSU network, and during
the time they are connected, must follow the same guidelines established for the use of PSU
owned equipment.
• Only VPN client software distributed by ITS may be used to connect to the PSU VPN.
Approved users can download the VPN client and installation instructions from GUS.
• Approved users are responsible for the installation of the VPN software.
• Users with VPN privileges must ensure that unauthorized people are not allowed access to
computing resources located on the PSU network.
• The VPN is configured not to allow the bridging of networks (split tunneling).
• All computers, including personal computers, connected to the PSU network via VPN or any
other technology must have:
Consequences: Failure to abide by the requirements of this policy and/or any procedures that
are developed to implement this policy may result in termination of the user's VPN privileges.
Responsible Office:
Information Technology Services
Updated By:
The Information Technology Council: October 20, 2017
Update Approved By The President’s Council: November 13, 2017
Approved by:
Information Technology Council: October 26, 2005
Signed by President Tom Bryant: January 26, 2006
Original Effective Date: January 26, 2006
Review Cycle: Annua