Technology Policy

Banner_Technology

Policy

The System Access and Security Policy ("SASP") is official Information Technology Services policy with regard to computer systems and network access for all administrative users of technology within the NIU organization. All new and existing administrative employees are expected to abide by its terms.

General Guidelines

Users and departments requesting access to university enterprise systems and data resources agree to follow accepted and prudent practices regarding computer security. The following policies should guide user and departmental practices and procedures:

Confidentiality

University data and information stored on university enterprise systems is considered confidential. Access to university information involves both trust and responsibility. Users must ensure that private and sensitive information is not disclosed to unauthorized individuals or organizations that do not have a legitimate reason for access to the information.

Requests for the disclosure of confidential information outside the university will be governed by the provisions of law, including but not limited to the Family Educational Rights and Privacy Act of 1974 as amended in 1998 ("FERPA"), the Illinois School Student Records Act, and the Illinois Freedom of Information Act. All such requests will be honored only when approved by university officials who are the legal custodians of the information requested, or if required by state or federal law or court order.

Availability

Computer systems are provided to users to perform university business. Denial of service caused by the installation of unauthorized software that compromises an individual or network system, or virus infections that corrupt or delete system software or data is a serious threat to university operations. Users shall refrain from practices that tend to compromise the availability of computer systems or resources.

Accuracy and Integrity

Accuracy and integrity are essential elements in the use, storage and retrieval of electronic data. The use and/or exchange of data must be done with adequate controls to ensure integrity and verifiable results. Authenticity requires that data is not corrupted or altered in such a way that would misrepresent or hinder audit ability.

User Responsibilities

Follow good security practices as outlined in this security policy as well as supplemental departmental security policies and procedures.

Maintain and use computer workstations in accordance with this Security Policy, the ITS Acceptable Use Policy Statement ("AUP") (see http://www.its.niu.edu/aup/), and applicable supplemental departmental security policies and procedures.

Report known violations of this security policy, the AUP and/or supplemental departmental security policies to management.

Only request access to official files and records necessary to perform duties as defined by the user's position description.

Confidential data and information may be transferred among university staff only as required for fulfilling assigned duties and responsibilities.

Do not attempt to access data or programs on enterprise systems for which the user does not have authorization or explicit consent of the owner of the data.

Do not reproduce, edit, revise or otherwise alter data and information except as required for legitimate university reporting purposes.

Do not make copies of system configuration files (e.g., password files, cache files, registry entries, .ini files, .cfg files, etc.) for unauthorized personal use or to provide to other people/users for unauthorized uses.

Do not purposely engage in activity with the intent to do any of the following: harass other users; degrade the performance of systems; deprive an authorized user of access to a university resource; obtain extra resources beyond those allocated; circumvent computer security measures; or gain access to enterprise systems for which proper authorization has not been given.

Do not disclose or share a user login id and password with others except as required for system maintenance purposes or for purposes of promptly changing a password as appropriate.

Do not download, install or run security programs or utilities which reveal weaknesses in the security of a system except as specifically required by the user's position. For example, only users whose position requires it may run or "test" password cracking programs or network sniffers on university computing systems.

Refrain from installing personal or third party applications not related to a user's job function that may compromise access to university enterprise systems.

Do not seek personal benefit or permit others to benefit by disclosing or otherwise using confidential data or information which has come to him/her by virtue of work assignment.

Do not use university computing resources for private, commercial gain.

Supervisor and Departmental Responsibilities

Ensure that only authorized users have access to university data for appropriate departmental and university business purposes.

Ensure that official files, reports, and data accurately reflect university operations and transactions.

Ensure that user id's and passwords are not shared and that appropriate access and usage policies are maintained and enforced.

Be subject to periodic audits of departmental practices and procedures regarding access to enterprise computer resources.

Notify ITS Network Security and/or local area network administrator of any change in a user's job function or employment that would require changes be made to the user's access at least five business day before such a status change. Managers must specify both access to be added or revoked as appropriate for job changes.

Request that accounts or passwords for individuals who no longer require access to network resources be deactivated within 24 hours of user's change in status.

Setup and configure university owned computer workstations in accordance with this security policy and supplemental departmental security policies and procedures.

Ensure that ITS certified virus protection software is properly installed and functioning on computer workstations.

Ensure that staff is adequately trained in basic Windows usage and navigation skills and that users have had appropriate training in applicable software packages.

Consequences of Noncompliance

Noncompliance with these guidelines constitutes a violation of security policy. Violations shall be reported to the proper university officials and will result in short-term or permanent loss of access to enterprise computing systems. Violators are also subject to university disciplinary procedures. Serious violations may be referred to state and/or federal law enforcement officials and may result in civil or criminal prosecution. In the event that it is necessary to suspend an existing user's account for security or disciplinary reasons, the account will not be reinstated until or unless the user is witnessed to have read the SASP and signs a Statement of Responsibility for retention by ITS security.

Please refer questions or concerns to ITS Network Security at 753-8100.



NORTHERN ILLINOIS UNIVERSITY
Information Technology Resources
Acceptable Use Policy

Northern Illinois University information technology resources, including the electronic communications network (NIUnet) on the NIU campus and in off-campus education and research centers and the computers attached to this network, are for the use of persons currently affiliated with Northern Illinois University, including faculty, staff and students. Information technology resources are provided by the university to further the university's mission of research, instruction and public service. Use of these resources should be consistent with this mission and this policy.

Acceptable use of NIU information technology resources is based on common sense, common decency, and civility applied to the networked computing environment. All authorized users have the right to expect reasonable privacy with regard to all computer files and e-mail. The University may access university-owned or networked computers for maintenance and upgrades or when based upon established procedures for suspected abuse of this policy. Users are entitled to notification of such access and, whenever possible, notification should precede access. If users believe their reasonable rights to computer privacy have been violated, they may follow usual grievance procedures.

Unacceptable uses include, but are not limited to, the following:::

  • Using the resources for any purpose which violates federal or state laws.
  • Using the resources for commercial, sales and advertising purposes without university approval.
  • Using excessive data storage or network bandwidth in such activities as propagating of "chain letters" or "broadcasting" inappropriate messages to lists or individuals or generally transferring unusually large or numerous files or messages.
  • Sending or storing for retrieval patently harassing, intimidating, or abusive material.
  • Misrepresenting your identity or affiliation in the use of information technology resources.
  • Using someone else's identity and password for access to information technology resources or using the network to make unauthorized entry to other computational, information or communications devices or resources.
  • Attempting to evade, disable or "crack" password or other security provisions of systems on the network.
  • Reproducing and/or distributing copyrighted materials without appropriate authorization.
  • Copying or modifying files belonging to others or to the university without authorization including altering data, introducing or propagating viruses or worms, or simply damaging files.
  • Interfering with or disrupting another information technology user's work as well as the proper function of information processing and network services or equipment.
  • Intercepting or altering network packets.

These principles and guidelines are extended to networks and information technology resources outside the university accessed through NIUnet via the Internet. Networks or information technology resource providers outside the university may, in turn, impose additional conditions of appropriate use which the user is responsible to observe when using those resources.

Access to the information technology environment at Northern Illinois University is a privilege and must be treated as such by all users of these systems. Like any other campus facility, abuse of these privileges can be a matter of legal action or official campus disciplinary procedures. Depending on the seriousness of an offense, violation of the policy can result in penalties ranging from reprimand (i.e., don't do this any more), to loss of access, to referral to university authorities for disciplinary or legal action. In a case where unacceptable use severely impacts performance or security, in order to sustain reasonable performance and secure services for the rest of the user community, Information Technology Services will immediately suspend an individual's access privileges.
This policy is subject to amendment at any time. For a copy of the most recent policy see the Northern Illinois University web server at http://www.niu.edu/.
Revised 8/29/2000
Page last reviewed 7/1/2002



NORTHERN ILLINOIS UNIVERSITY
Electronic Mail (e-mail) Policy

Northern Illinois University participates in a range of computing networks and many members of the university community, including faculty, staff and students, use electronic mail (e-mail) in their day-to-day activities. E-mail services are provided on university owned computing and networking systems to further the university's mission of research, instruction and public service. Use of e-mail should be consistent with this mission and this policy.

Acceptable use of e-mail is based on common sense, common decency, and civility applied to the electronic communications environment.

Mass mailings are permitted, but need to follow these guidelines:

  • Mass mailings for over 100 users need to have Provost approval.
  • Include the content within the message itself as opposed to "attaching" it if at all possible.
  • Send out a web based link to the source for any high resolution graphics, streaming content, etc, which would increase the message size dramatically.

Unacceptable uses include, but are not limited to, the following:

  • Using e-mail for any purpose which violates federal or state laws.
  • Using e-mail for commercial purposes.
  • Misrepresenting your identity or affiliation in e-mail communications.
  • Sending patently harassing, intimidating, abusive or offensive material to or about others.
  • Intercepting, disrupting or altering electronic communications packets.
  • Using someone else's identity and password.
  • Causing congestion on the network by such things as the propagation of "chain letters," "broadcasting" inappropriate messages to lists or individuals, or excessive use of the shared data store of the e-mail post office.
  • Assigning a priority of "high" to a mass mailing.

Communications in this medium are protected by the same laws and policies, and are subject to the same limitations, as communications in other media. However, users should exercise caution when committing confidential information to electronic media because the confidentiality of such material cannot be guaranteed. For example, e-mail messages can be saved indefinitely on the receiving computer. Copies can easily be made and forwarded to others either electronically or on paper. Messages sent to nonexisting or incorrect user names are delivered to a person designated as Postmaster for either the remote or local site. Routine maintenance or system administration of a computer may result in the contents of files and communications being seen (network and system administrators are, however, expected to treat the contents of electronic files as private and confidential).

Also, under the Illinois Freedom of Information Act, electronic files are treated in the same way as paper files. Any official university documents (as defined by law) in the files of employees of the State of Illinois are considered to be public documents, and may be subject to inspection through FOIA. In such cases, the campus Freedom of Information Officer should inspect files to determine which portions may be exempt from disclosure. Any inspection of electronic files, and any action based upon such inspection, will be governed by all applicable U. S. and Illinois laws and by university policies.

Access to the information technology environment in general, and electronic mail in particular, at Northern Illinois University is a privilege and must be treated as such by all users of these systems. Like any other campus facility, abuse of these privileges can be a matter of legal action or official campus disciplinary procedures. Depending on the seriousness of an offense, violation of the policy can result in penalties ranging from reprimand (i.e., don't do this any more), to loss of access, to referral to university authorities for disciplinary action. In a case where unacceptable use severely impacts performance or security, in order to sustain reasonable performance and secure services for the rest of the user community the Computing Facilities will immediately suspend an individual's access privileges.

This policy is subject to amendment at any time. For a copy of the most recent policy see the Northern Illinois University web server at http://www.niu.edu/.


NIU Department of Geography

Computer - Network Usage Policies

(Revised Spring 2015)

The Department of Geography assigns computer systems to Faculty, Staff, Graduate and PhD Students as resources become available. Anyone using systems on the Department’s network must abide by the rules as defined by the Department of Geography and Northern Illinois University’s (ITS Acceptable Usage Policy) computer resources.

Anyone using Department of Geography computer resources (computer systems\peripherals and network) must abide by the following policies:

1. Computer Network

Geography Faculty, Staff, Graduate and PhD students may be provided “department” network connections for access to the Internet as well as server space. This network connects to department servers as well as the university’s “Enterprise” network. The end user must comply with proper Internet and LAN protocols when connecting to the department’s network. Only computer systems approved by the Department of Geography’s Computer Systems Administrator (Philip Young) can connect to this network. No “personally” owned desktops or laptops are allowed to connect to the Geography network. The Department Geography is using Lenovo desktop computers with Windows 7\8 operating systems as the standard platform for this network. The Department of Geography enforces strict network and systems standards that are not subject to individual interpretation.

2. Computer Security

A major function of the department’s computer systems is the level of security that is provided to the end users. This task involves access to labs and servers, as well as security passwords for labs and office computers. Passwords are set up to maintain computer system security and to safe guard against potential virus infiltration. It is the responsibility of each computer user to safeguard their password and to not share it with anyone else. No passwords or accounts should be given out to any other individual; it should only be used by the person that it is assigned to. User accounts for the Geography network are setup exclusively by the Computer Systems Administrator.

3. Software Licenses

University policies dictate that all software is legally purchased, registered with the Department, purchased for academic use and is installed only on University computer systems with the NIU inventory tag. The department continually updates many of its software products and licenses. Some software is based upon site licenses that have yearly renewal policies, while others are based upon single or multi-pack licenses. All Department of Geography computers must have legally registered software that was purchased or downloaded by the department. Software installations on Department of Geography computer systems can only be done by the Computer Systems Administrator.

4. E-mail Access

E-mail access is available to all NIU employees and students through the ITS. Outlook client software is setup by the Computer Systems Administrator and is run through ITS. All users of this system will need to use their “Z/A-ID” and password which is established through ITS. E-mail is provided for “official” departmental activities involving academic research and instruction. End users should not download attached files from people or places they do not recognize. Geography computer systems vary in the amount of access that is available to the outside world.

5. Internet Access

Internet access is granted to all Department Faculty, Staff, Graduate and PhD students (and some undergraduate students in certain labs). The right to Internet access is governed by departmental and university guidelines. Some of the restrictions are (but not limited to):

    • Internet access is for research and educational purposes.
    • Internet access should not be used for downloading unauthorized programs or copyright/trademark data (without proper documentation).
    • Internet access for recreational usage is not supported.
    • Internet access to sites that do not meet the criteria set forth by the department and university are not authorized.
    • Streaming large videos or music files over the network is restricted to academic use.
    • Viewing material that may be deemed offensive to others or defined as unacceptable by Northern Illinois University is not allowed. Violations will be reported to the Department of Geography, Human Resources and the University Judicial division for disciplinary actions.

Failure to adhere to proper usage of the Internet will result in denial of connection to the Internet and/or revocation of computer privileges.

6.  Virus infiltration

All computer systems must be protected from viruses infiltrating the network. Therefore it is critical that all computer users adhere to the following protocols:

    • Do not open up any email and/or attachments from anyone that you do not know.
    • Do not load CD/DVD or USB drive data onto your computer or the server without first scanning for viruses.
    • Do not load data from USB drives provided by other individuals unless it is scanned.
    • If you work on data at home make sure that you have an updated anti-virus software loaded on your computer before bringing USB drives to the office
    • Do not send out email to news groups with content that may bring out a retaliatory response from outside users.
    • Assume that your email and Internet activities may be examined by the University and/or Department of Geography if illegal or non-worked related activities are detected.
    • Do not give out any information about Department of Geography computer names, addresses, status of equipment or any type of operating system/network configurations or protocols.
    • Do not shutdown office or lab computers; always leave the desktop systems on that are attached to the Department of Geography’s network system.

7. Computer Maintenance

Any departmental computer system that malfunctions must be repaired by the Computer Systems Administrator. Faculty, staff and students should not attempt to repair, upgrade, shut down or move any department computer systems. All service calls on such equipment must be processed through the Computer Systems Administrator. No additional hardware should be added to any computer nor should any modifications take place. If someone needs their computer moved or repositioned to another part of their desk or office, it should be done by emailing a request to the Computer Systems Administrator. No one should move any computer system or peripheral devices from the room that it has been assigned.

8.  Data Responsibility

It is the responsibility of every end user to back up their data. Securing and archiving thesis work, student grades / assignments, etc. is primarily the responsibility of the end user. Arrangements should be made with the Computer Systems Administrator to generate specific backups in a form that the user can have access to outside of this network. Any data that a user generates that is part of the Department of Geography’s curriculum should also have a backup presence within the department’s primary network. This needs to be done to safeguard student labs and/or grades that a GA may be storing for a course grade. Data stored on the department servers are backed up through RAID systems. Local hard drives on office PCs are not backed up by the department, therefore when possible, data should be stored primarily on the Department’s servers.

 9. Teaching Lab

All computers in the 101 Geography lab are to be used by students who are assigned for a designated semester with a official Geography course. This room is not for students to use as a general purpose research lab, it is for courses assigned to this lab. These must be courses approved by the Department of Geography. The Computer Systems Administrator will be in charge of all aspects of maintenance in these labs which includes the following:

    • Systems administration of all computers (hardware & software). 
    • Securing the computer lab to students registered for courses using the 101 lab.
    • Computer Lab Maintenance.
    • Lab enforcement (closing student accounts for violating policies).
    • Setting account privileges for students and/or labs.

This lab is not an open area for Geography students to use beyond the open hours or lab times set by the department. Any problems with this lab should be reported to the Computer Systems Administrator as soon as possible.

10. Research Labs

There are several research labs within the department that are used by faculty and staff to administer grants, internships, research, etc. Access to these rooms is controlled by the Lab Managers that conduct research within these rooms. This includes Biogeography, Meteorology, Soils and GIS. The Lab Managers will determine who can use these rooms. The Computer Systems Administrator will work in conjunction with the Lab Managers to setup and maintain computer systems, accounts and data storage.

11. Graduate and PhD Offices

All computers in the Geography Graduate and PhD offices are to be used only by Department of Geography Graduate\PhD students that are assigned to these rooms (that are considered “full time” students). These are be used for thesis\dissertation research in addition to homework or TA responsibilities. No unauthorized guests or students should be allowed to access computers in these rooms nor should any privately owned computers be connected to the Department of Geography network.The Computer Systems Administrator will be in charge of all aspects of IT resources\security in these offices which includes the following:

    • Systems administration of all computers (hardware & software). 
    • Computer maintenance/upgrades.
    • Access enforcement (closing student accounts for violating policies).
    • Setting account privileges for students in these offices.

Computer resources in these offices are reserved exclusively for Geography Graduates\PhD that have been assigned to the specific rooms.

12. Faculty/Staff Offices

Faculty and Staff will be assigned 1 desktop PC that is Intel based, has Microsoft Windows installed and is connected to the Department of Geography’s network domain. Only one system per user is allowed to connect to this network. All hardware and software maintenance on these systems will be done exclusively by the Computer Systems Administrator.

13. Leaving the Domain

Any faculty within the Department of Geography that decides not to abide by these policies or requests to run an independent system, will be separated from the department network. They will not be allowed to connect up to systems within the Geography network. They will have to connect up to the internet through a ITS network and will be 100% responsible for the operation of their computers.

14. Remote Access/Portal

Remote access will be granted on a limited basis to Faculty that requires offsite access to their office desktop systems. This is not a substitution for working on campus and there are potential performance issues with remote access. This can include the end users personal computer, the local Internet Provider, external networks, Wi-Fi. Remote Desktop is provided as an additional tool to access Department of geography resources, but should not be considered the norm or replacement for access to these resources.