Homework SourseEvaluate the decision to have a computer usage policy and th
Evaluate the decision to have a computer usage policy and the potential problems associated with such a policy.
Solution
Georgia Tech’s Computer and Network Usage and Security Policy (CNUSP) provides the guiding principles for use of Information Technology (IT) Resources at Georgia Tech. It is the policy of the Institute that its IT resources be used ethically and legally, in accord with applicable licenses and contracts, and according to their intended use in support of the Institute’s mission. Faculty, staff, and students are expected to behave in an ethical1 and professional manner when using IT Resources.
The CNUSP establishes the necessary balance between Georgia Tech’s culture of openness, trust, and integrity and the appropriate level of security to protect resources. The principles established are:
Respect for Users
Members of the Georgia Tech community have the responsibility to respect the privacy of others.
Data Confidentiality and Integrity
Users of Georgia Tech IT resources are responsible for upholding the confidentiality and integrity of data to which they have access.
Users of Georgia Tech IT resources are responsible for upholding the confidentiality and integrity of data to which they have access. Users are prohibited from inspecting, copying, altering, distributing or destroying anyone else’s files or network traffic, including but not limited to those related to Institute business, research, and teaching, without proper authorization.
Proper authorization may be required not only from the person from whom the data originated, but also from Institute management or Institute data stewards. If there is a question, users are encouraged to check with their management before attempting to access the data without permission.
Users who are authorized to access sensitive data (e.g. student data) are not authorized to distribute this data to other uses or grant other users access to the same data without permission from the Data Steward. Permission to access sensitive data may be obtained through Data Stewards per the Data Access Procedures.
Protection of IT Resources
Georgia Tech users are expected to respect the integrity of Georgia Tech IT resources to which they have access.
This includes but is not limited to modifying sftware, systems, or networks that are not owned or managed by the user; accessing systems that you are not authorized to access; knowingly installing or running malicious or disruptive sftware.
Authorized users have a responsibility to ensure the security and integrity of personally owned or managed systems, as well as Institute Data accessed through such systems. Unit Technical Leads have the responsibility to authorize connections to the unit or departmental networks, excluding LAWN connections. Users may consult with their Technical Leads on security and system administration issues and responsibilities, although Technical Leads bear no responsibility for maintaining personally owned systems. Systems connecting to Georgia Tech resources must adhere to an appropriate set of security requirements, as documented in the Computer and Network Security Procedures.
Georgia Tech recognizes the value of the research being done in the areas of computer and network security. During the course of their endeavors, researches may have a need to work with malicious sftware and with systems that do not adhere to the security standards described above. Researchers are responsible for their actions and research and must take all necessary precautions to ensure that their research will not affect other Georgia Tech systems, networks, or users.
Protection of Sensitive Data
In receiving access to privileged or sensitive data, authorized users accept responsibility to protect the information accessed and used on their computer.
Protection of Research Data
Researchers are responsible for the safeguarding of data that is created during the course of research projects.
Remote Access to GT Protected Resources
Georgia Tech users should use a secure method to access protected Georgia Tech resources remotely.
| tegrity of Resources and Protection of Data | |
|---|---|
| Respect for Users Members of the Georgia Tech community have the responsibility to respect the privacy of others. | Users of Georgia Tech resources must not attempt to access data or systems they are not authorized to access and are expected to respect the integrity of Georgia Tech IT resources. |
| Data Confidentiality and Integrity Users of Georgia Tech IT resources are responsible for upholding the confidentiality and integrity of data to which they have access. | Users of Georgia Tech IT resources are responsible for upholding the confidentiality and integrity of data to which they have access. Users are prohibited from inspecting, copying, altering, distributing or destroying anyone else’s files or network traffic, including but not limited to those related to Institute business, research, and teaching, without proper authorization. Proper authorization may be required not only from the person from whom the data originated, but also from Institute management or Institute data stewards. If there is a question, users are encouraged to check with their management before attempting to access the data without permission. Users who are authorized to access sensitive data (e.g. student data) are not authorized to distribute this data to other uses or grant other users access to the same data without permission from the Data Steward. Permission to access sensitive data may be obtained through Data Stewards per the Data Access Procedures. |
| Protection of IT Resources Georgia Tech users are expected to respect the integrity of Georgia Tech IT resources to which they have access. | This includes but is not limited to modifying sftware, systems, or networks that are not owned or managed by the user; accessing systems that you are not authorized to access; knowingly installing or running malicious or disruptive sftware. Authorized users have a responsibility to ensure the security and integrity of personally owned or managed systems, as well as Institute Data accessed through such systems. Unit Technical Leads have the responsibility to authorize connections to the unit or departmental networks, excluding LAWN connections. Users may consult with their Technical Leads on security and system administration issues and responsibilities, although Technical Leads bear no responsibility for maintaining personally owned systems. Systems connecting to Georgia Tech resources must adhere to an appropriate set of security requirements, as documented in the Computer and Network Security Procedures. Georgia Tech recognizes the value of the research being done in the areas of computer and network security. During the course of their endeavors, researches may have a need to work with malicious sftware and with systems that do not adhere to the security standards described above. Researchers are responsible for their actions and research and must take all necessary precautions to ensure that their research will not affect other Georgia Tech systems, networks, or users. |
| Protection of Sensitive Data In receiving access to privileged or sensitive data, authorized users accept responsibility to protect the information accessed and used on their computer. | Authorized users may have access to privileged information that must be protected. Employees must take all necessary steps to prevent unauthorized access to this information. Users may obtain help in protecting their systems and data from their unit’s IT staff or from OIT. |
| Protection of Research Data Researchers are responsible for the safeguarding of data that is created during the course of research projects. | Researchers should review contracts that are in effect for a research project and make sure that all IT security requirements are being met. In addition, researchers should make sure that research data is stored in a safe, secure manner so that it may be recovered in the event of a loss. |
| Remote Access to GT Protected Resources Georgia Tech users should use a secure method to access protected Georgia Tech resources remotely. | In the event that a user needs to connect to protected Georgia Tech resources (e.g. servers with sensitive or research data) using a remote access solution, several safe and secure options are available from Georgia Tech OIT and Unit IT departments. Additional information is available in the Georgia Tech Remote Access Policy and Standard. Administrators of Georgia Tech’s enterprise systems should use the campus VPN service as a secure method to connect to these resources. |
