Section 7:
Security
The availability of information technology resources brings with it the responsibility to protect those resources from unauthorized access and use. Kentucky Wesleyan College has instituted security measures designed to protect the integrity of its systems and data. Any attempt to circumvent these procedures will be considered a violation of College policies and/or state and federal statutes.
7.1 Responsibilities of Information Technology Services
Information Technology Services is responsible for establishing and maintaining
the security of the College’s central computing facilities, systems and data.
To ensure the integrity of institutional information resources, the Information
Technology Services staff will employ the following measures:
· Perform, verify and secure the integrity of regular media backups;
· control and record system software and hardware configuration changes;
· institute and monitor appropriate access control measures for shared
systems;
· guard the confidentiality of private information, including user files
and access codes;
· control physical access to system software and equipment;
· provide a proper physical environment for system equipment;
· provide system safeguards against virus infection, fire, flood, theft,
etc.
· monitor and track network activity.
7.2 Responsibilities of Departmental Units
Department heads and their staffs are responsible for maintaining the security and integrity of data stored on individual computers within their areas. This includes performing and securing regular data backups. Department heads may also be required to implement and manage additional policies and procedures to provide appropriate security of information resources specific to their areas of responsibility.
7.3 Responsibilities of Individual Users
Individual users assume responsibility for the appropriate and ethical use of the College’s information resources. Computer accounts, passwords and other types of authorization are assigned to individual users for their exclusive use and must not be shared with others (see Section 3: Kentucky Wesleyan College Information Technology Appropriate Use Policy). Users are also responsible for verifying the integrity and completeness of data they create and use.
College employees are expected to take appropriate measures to guarantee the privacy and security of the College's information resources. Employees must not grant family members, friends or others not associated with the College access to the computer systems and resources entrusted to their care.
7.4 Virus Protection
ALL computers connected to the campus network must be protected with anti-virus software.
7.4.1 Virus Protection on College-Owned Computers
Kentucky Wesleyan College maintains a site license for centrally administered anti-virus software. This must be installed and running on all computers owned by the College. Anti-virus software updates and current virus definitions will be provided automatically from a central server.
7.4.2 Virus Protection on Privately-Owned Computers
Anti-virus software must be installed and running on all privately-owned computers attached to the campus network. This software must be updated with current virus definitions. If a virus-infected file appearing on the network is traced to a privately-owned computer, the owner of that computer will be immediately notified of an audit of his or her equipment. If there is no anti-virus software on the computer, the computer will be immediately disconnected from the network until such software is installed.
The College reserves the right to perform random audits of privately-owned
computers connected to the campus network to verify that anti-virus software
is activated and updated.
4/27/06