SECURE COMPUTING REQUIREMENT POLICY

Purpose

A virus is a piece of potentially malicious programming code that will cause some unexpected or undesirable event. Viruses can be transmitted via e-mail or instant messaging attachments, downloadable Internet files, diskettes, and CDs. Viruses are usually disguised as something else, and so their presence is not always obvious to the computer user. A virus infection can be very costly to the students, faculty, and staff of Georgetown College in terms of lost data, lost productivity, and/or lost reputation.

Spyware/adware is any software that covertly gathers user information through the user’s Internet connection without his or her knowledge, usually for advertising purposes. Spyware/adware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with these types of programs. Once installed, the programs monitor user activity on the Internet and transmits that information in the background to someone else. Spyware/adware can also gather information about e-mail addresses and even passwords.

One of the goals of Information Technology Services is to provide a secure computing environment that is virus-free and minimally impacted by spyware and adware. The purpose of this policy is to provide instructions on measures that must be taken by computer users at Georgetown College to help achieve effective secure computing.

Scope

This policy applies to all computers that are connected to the Georgetown College network via a standard network connection, wireless connection, modem connection, or virtual private network connection. This includes both college-owned computers and personally-owned computers attached to the Georgetown College network. The definition of computers includes desktop workstations, laptop computers, handheld computing devices, and servers.

General Policy

  1. Currently, Georgetown College has a site license for Microsoft anti-virus/anti-spyware software which applies to all College owned PCs connected to the Active Directory Domain.  The software will be installed by the Helpdesk or by Network Admins.  The most current versions of the software packages will be taken as the default standard. A list of suggested “Free” anti-virus programs can be found on the ITS website.
  2. All computers attached to the Georgetown College network must have standard, supported protective software installed. This software must be active, be scheduled to perform virus checks at regular intervals, and have its virus definition files kept up to date.
  3. Any activities with the intention to create and/or distribute malicious programs onto the Georgetown College network (e.g. viruses, worms, Trojan horses, e-mail bombs, etc.) are strictly prohibited.
  4. If an employee or student receives what he/she believes to be a virus, or suspects that a computer is infected with a virus, it must be reported to the Help Desk immediately at x4357. Report the following information (if known): virus name, extent of infection, source of virus, and potential recipients of infected material.
  5. No employee should attempt to destroy or remove a virus, or any evidence of that virus, without direction from the ITS department.
  6. Any virus-infected computer will be removed from the network until it is verified as virus-free.
  7. Network protection devices/appliances will be implemented when possible to help prevent malicious web sites/applications from infecting the campus community.

 Rules for Virus Prevention

  1. Always run the standard or suggested anti-virus software.
  2. Never open any files or macros attached to an e-mail from an unknown, suspicious, or untrustworthy source.
  3. Never open any files or macros attached to an e-mail from a known source (even a coworker) if you were not expecting a specific attachment from that source.
  4. Be suspicious of e-mail messages containing links to unknown Web sites. It is possible that the link is a malicious executable (.exe) file disguised as a link. Do not click on a link sent to you if you were not expecting a specific link.
  5. Files with the following filename extensions are blocked by the e-mail system: .pif, .scr, .bat, cmd, .inf, .exe, .com, .vbs. If you need to receive one of the aforementioned file types from a known source, have the sender edit the extension to something else and then you can rename the file after you receive it.
  6. Never copy, download, or install files from unknown, suspicious, or untrustworthy sources or removable media.
  7. Avoid direct disk sharing with read/write access. Always scan a portable media (USB drives, CDs, etc) for viruses before using it.
  8. If instructed to delete e-mail messages believed to contain a virus, be sure to also delete the message from your Deleted Items or Trash folder.
  9. Back up critical data and systems configurations on a regular basis and store backups in a safe place.
  10. Regularly update virus protection on personally-owned home computers that are used for business purposes. This includes installing recommended security patches for the operating system and other applications that are in use.  Faculty and staff may install the Microsoft anti-virus software they receive from Georgetown College on their home computers as well.

 Rules For Spyware Prevention

  1. Never open email from persons unknown or with any files or macros attached to an e-mail.
  2. Make sure you are up-to-date on all patches and security fixes on your operating system and web- browser.
  3. Be careful what you download.  Read all dialogue boxes carefully and close anything that looks suspicious.  Be sure to use the “X” to close the window.  Many sites feature mock “X’s” or “Close: or “OK” buttons within the ad.  Clicking on them actually clicked on the ad itself.  If you’re not sure how to safely close a window that has opened in your browser, right click on the window in your Windows Taskbar and click on “Close.”
  4. If you use file-sharing applications to trade multimedia files, you are at a higher risk than most to be infected by spyware.

ITS Department Responsibilities

The following activities are the responsibility of the Georgetown College ITS department:

  1. The ITS department is responsible for maintaining and updating this Secure Computing Requirement Policy. Copies of this policy will be posted on ITS website. Check this location regularly for updated information.
  2. The ITS department will keep the anti-virus and anti-spyware/adware products it provides up-to- date in terms of both virus definitions and software versions in use.
  3. The ITS department will apply any updates to the services it provides that are required to defend against threats from viruses.
  4. The ITS department will install anti-virus and anti-spyware software on all new Georgetown College owned desktop workstations, laptops, and servers.
  5. The ITS department will assist students, faculty, and staff with installing anti-virus software according to standards on personally-owned computers that will be used for business purposes. The ITS department will install at the users request one of the suggested “Free” anti-virus software packages in these cases.
  6. The ITS department will take appropriate action to contain, remove, and assist in recovery from virus infections. In order to do so, the ITS department may be required to disconnect a suspect computer from the network or disconnect an entire segment of the network.
  7. The ITS department will attempt to notify users of Georgetown College systems of any credible virus threats via e-mail or telephone messages. Virus reports will not be acted upon until validated. Employees should not forward these or any virus warning messages in order to keep network traffic to a minimum.

Department and Individual Responsibilities

The following activities are the responsibility of Georgetown College students, faculty, departments and staff:

  1. All computers must have secure computing protection that is in keeping with the standards set out in this policy.
  2. Personally-owned computers used for college purposes must implement virus and spyware protection processes and procedures that are in keeping with the standards set out in this policy.
  3. All computer users are responsible for taking reasonable measures to protect against virus and spyware infection.
  4. Computer users must not attempt to either alter or disable anti-virus software installed on any computer attached to the Georgetown College network without the express consent of the ITS department.

 Enforcement

Any computer user who is found to have violated this policy may be subject to disciplinary action specified in either the student/faculty/staff handbook.

Policy Effective Date: 06/01/2005
Policy Updated: 06/26/2013


© 2014 Georgetown College • 400 East College Street, Georgetown, KY 40324 • 1-800-788-9985

Georgetown College admits students of any race, color and national or ethnic origin.