SECURITY & INTEGRITY OF INFORMATION SYSTEMS & TECHNOLOGY AT OZARKA COLLEGE

INTRODUCTION

The security and integrity of Ozarka College's Information Systems & Technology resources (IST) are vital. There are a number of ways IST can be compromised, and all who use the resources have a part to play in guarding the IST resources at Ozarka.

Attacks aimed at compromising the security and integrity of IST resources can be focused on standalone computers. However, those attacks are able to quickly infect other IST resources on the networks to which they are connected.

As a consequence, it is imperative that protections be implemented and that they are adhered to rigorously. This will reduce the likelihood of security and integrity outbreaks and minimize the risks associated with any outbreak. Ozarka College has a responsibility to protect its resources. Accordingly, all possible points of entry (internet, e-mail, removable media, personal computers, gateways, servers, employee computers) need to be protected and appropriate actions must be implemented to counter the risks. The success of this program depends on the products available and the regular use of these products by students and employees.

WHAT ATTACKS SECURITY AND INTEGRITY OF SYSTEMS

There are three common ways our computers are attacked. They are:

  • Viruses: A virus is a software program or piece of code that infects a computer and reproduces itself to spread throughout the computer or to other computers. Viruses are spread through executable code, which means the code must be activated to affect a system and spread. Viruses can sit dormant in a computer system until they are activated, either remotely or with a countdown in the code itself.
  • Malware: Malware is short for malicious software. There are different types of malware. A trojan is a type of malware that is surreptitiously downloaded with other software; trojans do not replicate as viruses do, but trojans are generally more malicious because they steal information and “phone home” that information to their master. The name “trojan” comes from the Greek mythology story about the Trojan Horse. Other malware might include spyware or adware, which track the user’s computing habits, history, or online shopping, browsing and buying. Spyware is intended to keep a record of the activity, while adware is intended to blast the user with targeted ads based on web browsing and online habits. Both usually do so without the user’s knowledge.
  • Phishing: Phishing is the name given for one of the worst computer crimes: identity theft. Phishing attempts usually come in the form of emails, instant messages, or hacked websites. They direct the user to what appears to be a legitimate website or application. The user, assuming the website/application is legitimate, enters his username and password, which is promptly stolen.

Although it is increasingly difficult as crooks become more sophisticated, you can prevent viruses and phishing attacks. Some of the tips given below may require you to radically change your computer use and Internet browsing. But if you have ever experienced a virus or trojan, and tried to fix your computer after getting one, you probably realize very quickly that the ounce of prevention really was worth the pound of cure.

(Information taken from: theoldergeek.com/troubleshooting/security-issues/how-to-avoid-computer-viruses-and-phishing-hacks/)

WHAT CAN BE DONE TO MAXIMIZE SECURITY AND INTEGRITY OF SYSTEMS

Ozarka College will maintain a site license and/or make available virus and malware detection and prevention software for personal computers and servers maintained by the College. College clients who have access to networked personal computers will have direct access to the currently supported virus and malware detection and prevention software. Employees will ensure that the virus and malware software installed on their personal computers is in accordance with this policy, and is not tampered with or removed.

The Information Systems department will monitor virus developments and ensure that clients have access to appropriate tools or information to enable them to protect their personal computers against possible infection by a computer virus or malware.

The Information Systems department will thoroughly investigate any report of a virus and malware infection or possible virus and malware infection. If the report is of a serious nature or the effect is widespread, the Chief Information Officer will be informed so that whatever measures are necessary to deal with the matter can be implemented.

Employees or students will not be asked to supply their username or password to anyone. If maintenance is required on your computer, other procedures will be enacted to carry that out. The Information Systems Department will NOT ask you for your username or password – over the phone, in an email, or other forms of communication. Therefore, do NOT supply your username or password no matter how legitimate the request seems.

Digital Millennium Copyright Act (DMCA)

The Digital Millennium Copyright Act (DMCA) is legislation enacted by the United States Congress in October 1998 that made major changes to the US Copyright Act. These changes were necessary in part to bring US Copyright law into compliance with the World Intellectual Property Organization (WIPO) Copyright Treaty and the WIPO Performances and Phonograms Treaty. The DMCA also strengthened the legal protection of intellectual property rights in the wake of emerging new information communication technologies.

Digital Millennium Copyright Act (DMCA) and File Sharing at Ozarka College
Downloading and sharing copyrighted material online without permission is unethical and illegal. Ozarka College is dedicated to addressing and resolving issues of copyright infringement, as well as implementing preventative measures and policies to ensure proper use of peer-to-peer (P2P) applications on the campus network.

In addition to sending complaints to Ozarka, copyright owners may also take direct legal action against alleged infringers, and subpoena the college for information about people sharing files. The No Electronic Theft (NET) Act provides for serious criminal penalties, including a fine of up to $250,000 and a potential jail sentence. Lack of knowledge about copyright infringement laws will not excuse one from legal consequences, or from action by the college. It is your responsibility to be aware of the legality of your actions.

How do I know what is legal and what is not when it comes to copying music?
Here is the bottom line: If you distribute copyrighted music without authorization from the copyright owner, you are breaking the law. Distribution can mean anything from "sharing" music files on the Internet to burning multiple copies of copyrighted music onto blank CD-Rs.

Is it illegal to upload music onto the Internet even if I don’t charge for it?
Yes, if the music is protected by copyright and you do not have the copyright holder’s permission. U.S. copyright law prohibits the unauthorized distribution of copyrighted creative work whether or not you charge money for it.

If all I do is download music files, am I still breaking the law?
Yes, if the person or network you are downloading from does not have the copyright holder’s permission. Peer-to-peer systems like KaZaa, Grokster, Gnutella, LimeWire, Morpheus, WinMX, Aimster, and Bearshare have music that is not legal for you to download.

What if I upload or download music to or from a server that is based outside of the U.S.?
If you are in the United States, U.S. law applies to you regardless of where the server may be located.

What if I download or upload poor-quality recordings?
The law prohibits unauthorized copying and/or distribution of digital recordings that are recognizable copies of copyrighted work. The quality of the recordings does not matter.

If I bought the CD, is it okay to make copies of it?
It is illegal to copy a CD for use by someone other than the original purchaser. This means it is illegal to loan a friend a CD for them to copy, and it is illegal for you to make mixed CDs and distribute them to your friends as well.

How do I know if something is copyrighted?
When you buy music legally, there is usually a copyright mark somewhere on the product. Stolen music generally doesn’t bear a copyright mark or warning. Either way, the copyright law still applies. A copyrighted creative work does not have to be marked as such to be protected by law.

Where can I legally download music?
Visit the Center for Copyright Information.

Password guidelines and instructions for changing passwords

Password Choice Requirements

  • At a minimum, passwords shall be changed every 90 days.
  • Passwords shall be at least eight characters in length and be a mixture of alpha and non-alpha characters.
  • User passwords shall not be reused within six password changes.



Suggested strategies for selecting a valid password:
Choose a word, then scramble it with some random numbers (e.g., buffalo becomes Bu3fa2o).
Convert an easy-to-remember phrase into an acronym. "It is a very fine day" could be abbreviated to "iiavfd", and then by adding two nonalphabetic characters, would become a valid password of iia44fd.


Users must never write down or otherwise record their passwords. Each user is responsible for any action taken with that user's login. No college employees or students should ever share or divulge their password to anyone, including other college students and staff, nor should OC employees and administrators ever request a user to divulge his or her password. Users should change their passwords often--at least once every 90 days for staff/faculty and 180 days for students. Any password that a user believes may have been compromised must be changed immediately.

Users must not attempt to determine another user's password through any means. This prohibition applies to passwords for students, faculty, staff, and friends and accounts on systems reached through the Internet.

Account lockouts: An account will be set to lock out a user for a minimum of five minutes after a maximum of 3 failed login attempts.

Password uniqueness: A history of at least 5 passwords should be kept when technically feasible for each account within a system. New passwords should be checked against this history and users prohibited from re-using any matching entries.
 

Changing Passwords

 

myOzarka
  1. Click on My Tools
  2. Click on Change Password

Sonisweb
  1. Click on Systems
  2. Click on Change Password






Note: Resetting a password in the Information Systems department requires that the user present a photo ID.

Electronic Media Policy

Ozarka College collects and maintains electronic information and files from users on a voluntary basis.

These files are collected and maintained to facilitate the processing of student, employee and alumni records.

All record keeping is done in strict compliance with the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99). Ozarka is required to comply with the Arkansas Freedom of Information Act (FOI) (Ark. Code Ann. § 25-19-101) and may be required to disclose records maintained in the daily operations of the college unless said records are specifically protected by federal or state regulations. Therefore, electronic communication and information could and would be made available upon being presented with a valid FOI request.

Ozarka employees, staff and students should consider the use of electronic media as being subject to disclosure. There is no expectation of privacy in electronic data that is retained by Ozarka unless said data is specifically protected by federal or state regulations.

This policy is intended to comply with Act 1713 of 2003 codified in ACA § 25-1-114.

Computer Usage Policy

All students and employees, whether part-time or full-time, shall observe the following guidelines regulating use of computers and software owned by the College, any communications hardware and software provided by the College for the purpose of accessing its computers, and any computer network governed in part or whole by the College. Persons who violate this policy may be subject to disciplinary action and possible legal action under the Federal Electronic Communications Privacy Act.

College computing resources are provided for institutional work-related, educational, and academic purposes, and access to these resources and the facilities housing them is a privilege requiring that users conduct their computing activities in a responsible manner, respecting rights of other users and abiding by all computing license agreements.

Respect for intended purposes of academic computing resources
  • Using the system in a way that deliberately diminishes or interferes with system use by others is not permitted.
  • No user may permit another person to use his/her computer account.
  • Printing of e-mail is limited to one copy of academic or work-related messages.
  • E-mail chain letters may not be sent to other users on or off campus. Sending of such letters is prohibited by federal law.
  • No computer or telecommunications device may be used to transmit obscene, vulgar, profane, lewd, lascivious, or indecent language or image or to make any suggestion or proposal of an obscene nature or to threaten any illegal or immoral act with the intent to coerce, intimidate, or harass any person or persons. Violation of this prohibition may be considered a Class I misdemeanor under Arkansas state law. Use of computing resources for the display or transmittal of sexually explicit or abusive language or images (e.g., any and all items that might be considered offensive by any person receiving or potentially viewing such items) will be handled under the College's sexual harassment policy as found in BPPM 2.48.
  • Development or execution of programs that could harass other users or damage or alter software configurations will not be tolerated.
  • All users of College computing laboratories must abide by any and all posted regulations.
  • Academically-related activity takes precedence over casual use, such as playing games, participating in on-line chats/activities, or sending and receiving e-mail.
  • College computing resources may not be used for private commercial purposes, such as sending e-mail or constructing Web pages to solicit private business.
  • Computers, public terminals, printers, and networks must be shared equitably to make the most efficient and productive use of College resources.

Respect for other persons' privacy
No person may intentionally use another person's account or seek information on, obtain copies of, or modify another person's files, passwords, or any type of data or programs unless specifically authorized to do so by the account owner for a specific purpose.
Ozarka College will make every effort to safeguard the privacy of messages transmitted by the electronic mail system. Users, however, should be aware of the following:
  1. It may be possible for individuals to obtain unauthorized access to the mail gateway or for authorized users to obtain unauthorized access to other users' electronic mail.
  2. Ozarka College may be ordered by a court of law to surrender communications that have been transmitted by electronic mail.
  3. If a user is under investigation for misuse of electronic mail, his/her account may be suspended, and his/her e-mail read as it applies to the alleged offense.
  4. A user's electronic mail may be purged after an appropriate period as determined by Information Systems staff, whether or not the messages have been read by the intended recipient.
Users must change their passwords on a regular basis to help maintain privacy.

Respect for copyright
  1. All members of the College community shall adhere to the provisions of copyright law. Persons wishing to see full text of federal law may consult with library staff.
  2. Persons who willfully disregard copyright law do so at their own risk and assume all liability.
  3. The doctrine of fair use, while not specifically regulated, suggests that materials originally prepared for public consumption are more open to reproduction than materials originally developed for classroom or other more private use. Use of a small portion of a copyrighted text, as in a brief quotation or for purposes of a review, may also be permitted. Any reproduction, however, which has the potential to deprive the item's creator of profit otherwise available from a potential market and sales is unlikely to be found a fair use.
  4. Ozarka College negotiates site licenses with software vendors whenever possible. Copying, therefore, is strictly limited except for backup purposes, with the backup copy not to be used at all as long as the original is functional.

Responsibilities of Information Systems staff
  1. Information Systems staff will provide access to the College's existing software through the general computing labs, computing classrooms, and networks.
  2. Information Systems staff will monitor hardware and software licenses that affect student computing labs and computer classrooms.
  3. Information Systems staff will make every effort to ensure the integrity of all computer resources and information stored on the network file server. Ozarka College, however, is not responsible for any loss of information.
  4. Information Systems staff or their representatives reserve the right to ask users engaged in non-academic activities to log off the system to allow other users to engage in academic activities.
  5. Information Systems staff will regularly instruct users to change their passwords.

Infractions of computer resource policies
  1. The President will appoint a Computer Ethics Review Board which will review any infraction of computer resource policies and recommend appropriate sanctions to the Administrative Council.
  2. Violators of policies other than those related to copyright law may expect to incur sanctions such as suspension of user's privileges for a specified time in the case of a first offense. Further offenses may result in permanent suspension of privileges. Continued serious offenses may result in further penalties.
  3. Persons violating copyright law may be subject to the full range of legal penalties.
  4. Persons who disagree with actions of the Computer Ethics Review Board may follow normal College grievance procedures, as found in BPPM 2.32 (employees) and BPPM 5.40 (students).


Freedom of Information

Ozarka College maintains computer databases and files necessary to process student records, registration, and financial aid. These database records are maintained by Information Systems. For more information, contact Scott Pinkston, Director of Information Systems, at 870.368.2016. This information is intended to comply with the Arkansas Freedom of Information Act codified at ACA 25-19-108.