• No results found

aDDItIonal College PolICIesunauthorized access

In document Course Catalog (Page 80-84)

aCCePtable use PolICY

78 aDDItIonal College PolICIesunauthorized access

17. Users must not monitor or access

messages not sent to or intended for them, or attempt to do so, without express permission from the intended recipient or the President or her designee. In addition, users are prohibited from using the system to access NLC files they are not authorized to access (e.g., personnel files, payroll records, etc.) and are prohibited from using the system to engage in so-called “hacking,” that is, gaining unauthorized access to any computer, server, file or any similar device not belonging to NLC.

liability.

18. NLC will not assume any liability for any claim, suit, criminal prosecution, or judgment against a user of email or of the internet because of any improper action by that user during the course of such use. If NLC is required to pay money damages in connection with any misuse of the system by any employee or other user, it reserves the right to recover such damages from the responsible party.

sanctions.

19. Any employee, student, consultant or other user who uses the email system in an inappropriate, disruptive, offensive, or unlawful manner, or who otherwise violates this policy, shall be subject to discipline up to and including discharge from employment, expulsion from school, or termination of contractual arrangement.

reporting of violations.

20. Any complaints about unlawful,

improper, or inappropriate use of email (including receipt of such material) should be reported promptly to the President or her designee.

InforMatIon seCurItY PolICY

access .

1. Each user’s computer information technology access privileges shall be authorized according to business need. User access authority to computer resources shall be provided only when necessary to perform a task related to NLC business and only after approved by the President of NLC or her designee.

right to amend .

2. NLC reserves the right to amend or change this policy as circumstances and experience require. Employees, students, and other users will be notified promptly of any changes.

User identifier.

3. Every user must use a unique account and connect through a unique User Identifier (User ID). NLC User IDs will consist of the individual’s first initial followed by their last name (e.g. John Doe = jdoe). All User IDs will be written in all lower case letters. If the chosen User ID is already being used, the user’s middle initial should be added after the first initial. If resulting User ID is also being used, sequential numeric digits will be added to the end until a unique User ID is found. Shared or group User IDs are never permitted for user-level access.

Passwords .

4. Every User ID, system account and application account must be authenticated with a different password.

All passwords must be at least 8 characters in length. All passwords must consist of both upper and lower case letters and numeric/symbol characters. Passwords should not be based on easily discoverable personal information such as names of family members. Passwords should never be written down or stored online. The same password should not be used for NLC accounts and for other non-NLC access. The “remember password” feature of applications should not be used. Authorized users are responsible for the security of their passwords and accounts. If an account or password is suspected to have been compromised, the incident should be reported to the System Administrator. System level passwords should be changed every three months; user level passwords should be changed every six months.

lockout .

5. Account lockout will happen after 4 unsuccessful login attempts. This will require the account to be locked for no more than thirty (30) minutes or until the System Administrator resets the account.

removable media.

6. Removable media are any devices or media that are readable and/or writeable by the end user and are able to be moved from computer to computer without modification to the computer. Removable media include, but are not limited to, flash memory devices

aDDItIonal College PolICIes 79 such as thumb drives, cameras, MP3 players and PDAs;

removable hard drives (including hard drive-based MP3 players); optical disks such as CD and DVD disks;

floppy disks and any commercial music and software disks not provided by NLC. To minimize the risk of loss or exposure of sensitive information maintained by NLC and to reduce the risk of acquiring malware infections on computers operated by NLC, users may only use NLC-approved removable media on their work computers.

NLC-owned removable media may not be connected to or used in computers that are not owned or leased by the NLC without explicit permission of the President or her designee. Sensitive information should be stored on removable media only when required in the performance of assigned duties.

system Administrator.

7. The System Administrator has

the following responsibilities regarding user account and access management:

• Account creation requests shall specify access either explicitly or via a “role” that has been mapped to the required access. There must be written authorization by the President or an NLC Vice Presidents before the creation of any account type or resource access is granted.

• Access shall be immediately revoked for terminated employees, at time of an employee’s last day or for any user whose access is no longer required for a specific resource unless otherwise directed by the President or her designee.

• User IDs shall be disabled after 30 days of inactivity.

After an additional thirty days, disabled User IDs shall be purged. These restrictions may not apply to certain specialized accounts used by the Information Technology Department for running services or applications. In these instances the IT department will keep an encrypted database of these specific IDs and passwords.

• All Computer resources capable of displaying a custom sign-on or similar message must display as part of the login process:

• This system is for use of authorized users only.

Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities monitored and recorded.

National Labor College reserves the right to take any and all appropriate legal actions against any individual who uses this system in an unauthorized or unlawful

manner.

• Passwords set by the System Administrator shall be changed by the user immediately upon the user’s next login. System Administrators shall set initial passwords that are unique and are compliant with the password rule set.

• The identity of users shall be validated before performing a password reset. The approved method for validating identity is in person or remotely only after the being provided with a unique piece of information about the person. Examples include: date of birth, full name, or home phone number.

• All systems and access to databases containing credit cardholder information shall be authenticated. Direct database queries shall only be made by authenticated Database Administrators.

• Audit logs shall be stored and retained accordingly.

• Access to management consoles for wireless networks shall be limited to the System Administrator and shall not be accessible by the wireless network itself.

• All computers, servers with any type of operating system, workstations, kiosks, point of service machines and any other NLC-owned computing device shall have up to date antivirus software.

liability.

8. NLC will not assume any liability for any claim, suit, criminal prosecution, or judgment against a user of email or of the internet because of any improper action by that user during the course of such use. If NLC is required to pay money damages in connection with any misuse of the system by any employee or other user, it reserves the right to recover such damages from the responsible party.

sanctions.

9. Any employee, student, consultant or other user who uses the email system in an inappropriate, disruptive, offensive, or unlawful manner, or who

otherwise violates this policy, shall be subject to discipline up to and including discharge from employment,

expulsion from school, or termination of contractual arrangement

reporting of violations.

10. Any complaints about unlawful,

improper, or inappropriate use of email (including receipt of such material) should be reported promptly to the President or her designee.

admissions, graduation requirements, college rules and regulations, college calendar, and other regulations affecting the student body, is the most accurate available as of the date of publication. However, National Labor College reserves the right to change, modify, or alter any of the content of this course catalog at any time without notice. The College’s right to make changes without notice includes, but is not limited to, terms, conditions, fees, course offerings, admissions, graduation requirements, college rules and regulations, college calendar, and other regulations affecting the student body. NLC’s website contains more recent and accurate information on many topics covered in this course catalog. In any instance where the information in this course catalog and the information on the website differ, the information on NLC’s website should be considered to be correct.

815 16th street, nW Washington, dc 20006

www .nlc .edu • 1-888-427-8100

In document Course Catalog (Page 80-84)
Download now "Course Catalog"

Outline

Related documents