• No results found

Blacklisting Procedure

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Blacklisting Procedure"

Copied!
5
0
0

Loading.... (view fulltext now)

Download now ( 5 Page )

Full text

(1)

Blacklisting Procedure

Related Policy ICT Services and Facilities Use Policy

Responsible Officer Chief Information Officer

Approved by Chief Information Officer

Approved and commenced August, 2014

Review by August, 2017

Responsible Organisational Unit Information Technology Services

CONTENTS

1 Objective ... 2

2 Scope ... 2

3 Procedure ... 2

4 Definitions and Acronyms ... 3

5 Supporting Documentation ... 5

(2)

1 Objective

This procedure describes the process the University of Tasmania will follow in restricting access to online services or websites where accessing, or obtaining content from, those services or websites using University of Tasmania ICT Services, Facilities or Infrastructure would be considered a breach of Federal or State

legislation, or a breach of University of Tasmania Policy.

2 Scope

Where the blockage of an online service, or website, affects learning, teaching, research or general work the blockage will be reviewed and may be removed, or be subject to a per user, or group, exception.

3 Procedure

Step Details Responsibility

1. An internet service, or website, may be blacklisted if accessing, or obtaining content from that service or website using University of Tasmania ICT Services, Facilities, or Infrastructure would be considered a breach of Federal or State legislation, or a breach of University of Tasmania Policy.

Blacklisting any internet service, or website, may only be done by the process of:

• nomination of an internet service or website • consideration by the Chief Information Officer and

subsequent approval

• configuration change to centralised systems • instantiation of a review process.

Chief Information Officer

2. Internet services, or websites, that are candidates for blacklisting may be identified by:

• consistent association with cases of Policy breach; • nomination by ICT Officers; or

• identification in the course of operational work.

ICT Security Manager, ICT Officer

3. A nominated internet service, or website, will be

considered for blacklisting by the Chief Information Officer. The Chief Information Officer, will take into consideration: • nature of content hosted on the nominated internet

service or website. Including:

o Legality under Federal and State legislation o Legality under University of Tasmania Policy • use for learning, teaching, research or general

University work.

Chief Information Officer

(3)

The Chief Information Officer, will approve/disapprove the blacklisting of any internet service or website following this assessment.

Following approval of an internet service or website for blacklisting the Chief Information Officer will notify the ICT Security Manager.

4. The ICT Security Manager will arrange for a configuration change to the University’s internet gateways or firewall to facilitate the blacklisting.

The University Service Desk and ICT Officers will be notified of the blacklisted internet service or website via email.

ICT Security Manager

5. Where blacklisting a website impacts learning, teaching, research, or University work any Authorised User may request a review of a decision to blacklist a site, which may be directed to the Chief Information Officer or the ICT Security Manager.

Requests to review a decision to blacklist a site will be accepted by email, or escalation via an ICT Officer. Any request to review a decision to blacklist a site should include details of the access requirements and a summary of the University business associated with it.

Authorised Users

6. The Chief Information Officer will consider the review request and apply any of the following actions:

• removal of the internet service or website from the blacklist

• a per user access exemption

• access exemption for a group of users, or department, based on network addresses • no access exemption.

Chief Information Officer

7. A register of blacklisted internet services and websites will be maintained. In addition, a register of exceptions will be maintained.

ICT Security Manager

4 Definitions and Acronyms

Access Connection of University, personal or third party owned

Devices to ICT Infrastructure facilities via a direct or indirect connection method. Such connection methods could include but are not restricted to:

• LAN/MAN/WAN network connections (e.g. Ethernet); • Wireless network connections;

(4)

ISP with trusted access to the University network; • Connection via VPN (Virtual Private Networking)

technology; and

• Connection to any systems, services and applications.

Account A combination of a username (identifier) and password

allocated by an ICT Officer to an Authorised User (the account owner) to access ICT Services, Facilities and Infrastructure.

Authorised User An individual who has been granted access to University

ICT Services under one or more of the following categories:

• a current member of the governing body of the University;

• a currently employed officer or employee of the University;

• a currently-enrolled student of the University; • any person granted access to use University of

Tasmania ICT Services including, but not limited to:  A contractor undertaking work for the University

under the provisions of a legal contract;

 A member of a collaborative venture in which the University is a partner; or

 A visiting lecturer, student or other associate who is undertaking similar activities in a recognised University, as a registered associate.

Copyright A form of intellectual property which gives the creator of

an original work exclusive rights in relation to that work; and control over its distribution, publication, and adaption.

ICT Information and Communication Technologies

ICT Facilities All computers, terminals, telephones, end host devices,

licences, centrally managed data, computing laboratories, video conference rooms, and software owned or leased by the University.

ICT

Infrastructure

All electronic communication devices, networks, data storage, hardware, and network connections to external resources such as AARNet and the Internet.

ICT Officer The University of Tasmania staff authorised by the

Faculty, School and/or Director, IT Services to maintain and/or administer ICT Services, Facilities, Infrastructure, user level accounts and passwords.

ICT Security Manager

The ITS appointed representative responsible for ICT security.

(5)

ICT Services All systems supporting interaction, information provision, information storage, or communications provision and the ICT Facilities on which they operate.

Internet A term for the global computer network used to share

information along multiple channels, and over multiple protocols.

This definition of Internet is inclusive of protocol driven networks such as the World Wide Web, and all peer-to-peer networks.

ITS Information Technology Services

University The University of Tasmania

5 Supporting Documentation

• ICT Security Policy

• ICT Services and Facilities Use Policy • ICT Access Control Policy

6 Versioning

Former Version Blacklisting Procedure, approved May, 2010; reviewed May, 2014.

Current Version Blacklisting Procedure; minor amendments to update changes to terms; approved Responsible Officer, Chief Information Officer, August, 2014.

References

Download now ( PDF - 5 Page - 128.84 KB )

Related documents

Pipeline Cathodic Protection Design

The cathodic protection (CP) analysis is performed to determine the dimensions and quantity of sacrificial bracelet anode required to protect the pipeline against external

A Guide to EMV Version 1.0 May 2011

Based on results of offline data authentication, processing restrictions, cardholder verification, terminal risk management and rules in the terminal and from the chip, the

Business white paper. Transitioning to a new era of human information

Yet the lack of structure in human information still makes the search process challenging for the simple reason that people search or analyze data using an attribute of the data,

Starting, Stopping and Switching: Contraceptive Dynamics and Fertility in Rural Northern Malawi

There are also many other factors involved with fertility decline, for example declining child mortality, economic factors, and the diffusion of new ideas (e.g. about

Presenting a live 90-minute webinar with interactive Q&A. Today s faculty features:

potential safe harbors, or exceptions, the greatest opportunity for flexibility occurs when the plan is a risk based plan such as a Medicare Advantage (MA) plan, a

PUNCHESTOWN 1A. 15 May 2021

All queries relating to the event must be made through the Event Secretary’s Office via WhatsApp, for investigation by the Eventing Ireland Steward. Only the Eventing Ireland

May My Life Be A Testimony

Preaching the bible and may my life a testimony to make it is always provide a good idea to serve the plans i felt like at cru!. Means a long, i felt like

Multimode Monitoring of Oxy-gas Combustion through Flame Imaging, Principal Component Analysis and Kernel Support Vector Machine

Bai, Xiaojing and Hossain, Md Moinul and Lu, Gang and Yan, Yong and Liu, Shi (2016) Multimode Monitoring of Oxy-gas Combustion through Flame Imaging, Principal Component Analysis