|Definition:||This document establishes the computer and network security policy for the California State University San Marcos. The computer and network security policy is intended to protect the integrity of campus networks and to mitigate the risks and losses associated with security threats to campus networks and network resources, while striving to maintain the free and open access to technology which is one of the campus' core values.|
|Authority:||By the authority of the President of Cal State San Marcos.|
|Scope:||This policy applies to faculty, staff, students and guests of Cal State San Marcos.|
|Responsible Division:||Academic Affairs|
|Signature Page/PDF:||View Signatures for Computer & Network Security Policy|
This document establishes the computer and network security policy for the California State University San Marcos. The computer and network security policy is intended to protect the integrity of campus networks and to mitigate the risks and losses associated with security threats to campus networks and network resources, while striving to maintain the free and open access to technology which is one of the campus' core values.
Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus computers could greatly hinder the legitimate activities of University staff, faculty and students. The University also has a legal responsibility to secure its computers and networks from misuse. Failure to exercise due diligence may lead to financial liability for damage done by persons accessing the network from or through the University. This document will provide the policy required to implement and enforce responsible network security practices.
This policy is subject to revision and will be evaluated as needed. Procedures and guidelines associated with this policy will be posted on the IITS Network Security Website.
II. GOALSThe goals of this network security policy are:
The California State University San Marcos provides network resources to its divisions, faculties and departments in support of its Academic Mission. This policy puts in place measures to prevent or at least minimize the number of security incidents on the campus. Some of these measures may impact, or make more difficult, the free exchange of information and open connectivity that was, before the onset of the many computer viruses and hacking tools, a standard practice on campus networks.
The responsibility for the security of the University's computing and network resources rests with the system administrators who manage those resources. Instructional & Information Technology Services (IITS) will carry out these responsibilities according to this policy. In the event a network device is maintained outside of the IITS department, the person responsible for that device is required to adhere to these policies.
When a security problem (or potential security problem) is identified on a system not managed by IITS, IITS will seek the co-operation of the appropriate contacts for the systems and networks involved in order to resolve such problems, but in the absence or unavailability of such individuals IITS may need to act unilaterally to contain the problem. Such action may include temporary isolation of systems or devices from the network, and notification of the responsible system administrator when this is done
The University Computing and Telecommunications Committee (UCTC) will review and respond to formal complaints resulting from the implementation of this policy. IITS will prepare an annual report for UCTC and when necessary, make recommendations to UCTC regarding Computer and Network Security Policy changes.
In support of this policy, IITS will:
Network Resources: Network resources include any networks connected to the California State University San Marcos backbone, any devices attached to these networks and any services made available over these networks. Devices and services include network servers, peripheral equipment, workstations and personal computers.
System Administrator: "System Administrator" refers to the individual who is responsible for system and network support for computing devices in a local computing group. In some instances, this may be a single person, while in others the responsibility may be shared by several individuals some of whom may be at different organizational levels.
For information about this policy or for clarification of any of the provisions of this policy, please contact the Manager of Computer Security Administration at firstname.lastname@example.org