Due to the technological revolution in the workplace, businesses such as Southeastern Technical College (STC) have turned to computer technology as the primary tool used to communicate, perform research, and accumulate information.
Electronic information research skills are now fundamental to preparation of citizens and future employees. STC expects faculty to blend thoughtful use of the Internet throughout the curriculum and provide guidance and instruction to students in its use. As much as possible, access from STC to Internet resources should be structured in ways that point students to those resources that have been evaluated prior to use. While students shall be able to move beyond those resources to others that have not been previewed by staff, they shall be provided with guidelines and lists of resources particularly suited to learning objectives. Students and employees utilizing technical college-provided Internet access are responsible for good behavior on-line just as they are in a classroom or other area of the college.
As the number of users logging on to the colleges network at the school or by remote access has increased, so has the possibility of STCs computer resources being mistreated; compromised; or experience unauthorized access, disclosure, destruction, modification, or loss. With easy access to STCs Internet and network resources, it is very important to have well-defined computer use guidelines. Well defined regulations/procedures help protect the end-user as well as STC.
Using a computer without permission is theft of services and is illegal under state and federal laws. Federal law prohibits misuse of computer resources. In addition, the following specific computer crimes are prohibited by state law in Georgia (O.C.G.A. § 16-9-90 et seq.:
a. Computer Theft
b. Computer Trespass
c. Computer Invasion of Privacy
d. Computer Forgery
Effective security is a team effort involving the participation and support of every STC employee and any affiliate who deals with information and/or information systems. It is the responsibility of every computer user to know these guidelines, and to conduct their activities accordingly. Users of STC computers and computer systems are subject to the Technical College System of Georgia (TCSG) policy and the STC procedure on the development of Intellectual Property.
Users of STC computers and computer systems or hosted services are subject to the STCs Information Security Standards. STC makes no warranties of any kind, either express or implied, for the computers, computer systems and Internet access it provides. STC shall not be responsible for any damages users suffer, including but not limited to loss of data resulting from delays or interruptions in service. STC shall not be responsible for the accuracy, nature or quality of information gathered through technical college hard drives or servers; nor for the accuracy, nature or quality of information gathered through technical college-provided Internet access. STC shall not be responsible for personal property used to access its computers or networks or for technical college-provided Internet access. STC shall not be responsible for unauthorized financial obligations resulting from technical college-provided access to the Internet.
These standards are equally applicable to employees of STC, wherever housed, and to employees and students of the technical college.
The purpose of STC provided computers, computer systems, and Internet access is to facilitate the development of skills and enhance communications in support of research, and education, and workforce development. To remain eligible as users, employees and students' use must be in support of and consistent with the educational objectives of STC access is a privilege, not a right. Access entails responsibility. The purpose of this procedure is to outline the acceptable use of computer equipment at STC. These rules are in place to protect STC as well as its employees, students, and guests. Inappropriate use exposes STC to risks including virus attacks, compromise of network systems and services, and legal issues.
This procedure applies to employees, students, contractors, consultants, temporaries, and other workers at STC, including all personnel affiliated with third parties. This procedure applies to all equipment that is owned or leased by STC.
4.1 General Use and Ownership
1. While STC's network
administration desires to provide a reasonable level of privacy, users
should be aware that the data they create on the college systems remains
the property of STC. Because of the need to protect STC's network,
users should not expect files stored on STCs computers and/or network
to be private. Electronic messages and files stored on STC computers shall be treated like other STC premises that are temporarily assigned for individual use. Administrators may review files and messages in an effort to maintain system integrity and in an effort to insure that users are acting responsibly. Moreover, STC officials are expected to cooperate with law enforcement officials who are properly authorized to search STC computers and computer systems.
2. End-users are
responsible for exercising good judgment regarding the reasonableness of
personal use. Occasional and appropriate personal use is
acceptable and permitted by the college. However, this use should
be brief, infrequent, comply with this procedure, and shall not interfere
with the users performance, duties, and responsibilities.
3. For security and network
maintenance purposes, authorized individuals within STC may monitor
equipment, systems and network traffic at any time.
4. STC reserves the right
to audit networks and systems on a periodic basis to ensure compliance
with this procedure.
5. Only the Information
Technology Department staff is authorized to provide support, perform
installations of new equipment/software, and/or configure devices for
the multi-campus network.
6. Any individual
associated with STC needing to connect personally owned devices to the
colleges network must obtain prior approval from the Information
4.2 Security and
1. Keep passwords secure
and do not share accounts. Authorized users are responsible for the
security of their passwords and accounts. Passwords should be changed
every 90 days.
2. All faculty and staff
PCs, laptops and workstations should be secured with a
password-protected screensaver with the automatic activation feature set
at 10 minutes or less, or by logging-off (control-alt-delete) when the
host will be unattended.
3. Because information
contained on portable computers is especially vulnerable, special care
should be exercised.
4. Any and all critical
information (data, files, etc) should be saved to the network. The
IT Department is not responsible for any end-user files not saved to the
5. Postings by employees
from a STC email address to newsgroups should contain a disclaimer
stating that the opinions expressed are strictly their own and not
necessarily those of STC, unless posting is in the course of business
6. All computers that are
connected to the STC Internet/Intranet/Extranet, whether owned by an
employee, student, third-party, or STC, shall be continually executing
approved virus-scanning software with a current virus database.
7. Employees and students
must use extreme caution when opening e-mail attachments received from
unknown senders, which may contain viruses, e-mail bombs, or Trojan
4.3. Unacceptable Use
no circumstances is an employee, student, or third-party of STC
authorized to engage in any activity that is illegal under local, state,
federal or international law while utilizing STC-owned resources.
In addition to the computer crimes delineated in O.C.G.A 16-9-93, the lists below are by no means
exhaustive, but attempt to provide a framework for activities which fall
into the category of unacceptable use.
System and Network
following activities are strictly prohibited, with no exceptions:
1. Violations of the rights
of any person or company protected by copyright, trade secret, patent or
other intellectual property, or similar laws or regulations, including,
but not limited to, the installation or distribution of "pirated" or
other software products that are not appropriately licensed for use by
2. Unauthorized copying of
copyrighted material including, but not limited to, digitization and
distribution of photographs from magazines, books or other copyrighted
sources, copyrighted music, and the installation of any copyrighted
software for which STC or the end user does not have an active license
is strictly prohibited. Knowingly transmit copyrighted material using peer to peer file sharing technology.
3. Exporting software,
technical information, encryption software or technology, in violation
of international or regional export control laws, is illegal. The
appropriate management should be consulted prior to export of any
material that is in question.
4. Create, install, or knowingly distribute a computer virus, rootkit, keystroke logger, "Trojan horse," Malware, or other surreptitiously destructive program on any STC computer or network facility, regardless of whether any demonstrable harm results.
5. Revealing your account
password to others or allowing use of your account by others. This
includes family and other household members when work is being done at
6. Using an STC computing
asset to actively engage in procuring or transmitting material that is
in violation of sexual harassment or hostile workplace laws in the
user's local jurisdiction.
7. Making fraudulent offers
of products, items, or services originating from any STC account.
8. Effecting security
breaches or disruptions of network communication. Security
breaches include, but are not limited to, accessing data of which the
employee, student, or third-party is not an intended recipient or
logging into a server or account that the employee, student, or
third-party is not expressly authorized to access, unless these duties
are within the scope of regular duties. For purposes of this
section, "disruption" includes, but is not limited to, network sniffing,
pinged floods, packet spoofing, denial of service, and forged routing
information for malicious purposes.
9. Port scanning or
security scanning is expressly prohibited unless prior authorization
from the Information Technology Department authorized.
10. Executing any form of network
monitoring which will intercept data not intended for the end-user's
host, unless prior approval of this activity from the Information
Technology Department is authorized.
11. Circumventing user authentication
or security of any host, network, or account.
12. Perform any activity that could cause the loss, corruption of, prevention of rightful access to, or unauthorized distribution of STC data and information. Interfering with or denying service
to any other host or user other than the end-users host (for example,
denial of service attack).
13. Using any program/script/command,
or sending messages of any kind, with the intent to interfere with, or
disable, a user's terminal and/or network session, via any means,
locally or via the Internet/Intranet/Extranet.
14. Providing information about, or
lists of, STC employees to parties outside STC.
15. Create, access or transmit sexually explicit, obscene, or pornographic material.
16. Create, access or transmit material that could be considered unlawful conduct based on race, color, creed, national or ethnic origin, gender, religion, disability, age, genetic information, political affirmation or belief, disabled veteran, veteran of the Vietnam Era or citizenship status addressed directly to any individual or group that has the purpose or effect of unreasonably and objectively interfering with that individual or groups: (1) performance, (2) work or educational environment or (3) ability to participate in an educational program or activity.
17. Violate any local, state or federal statute.
18. Vandalize, damage, or disable the property of another individual or organization.
19. Access another individual's password, materials, information, or files without permission.
20. Conduct private or personal for-profit activities. This includes use for private purposes such as business transactions, private advertising of products or services, and any activity meant to foster personal gain.
21. Knowingly endanger the security of any STC computer or network.
22. Willfully interfere with another's authorized computer usage.
23. Knowingly connect any computer to any of the STC networks unless it meets technical and security standards.
24. Modify or reconfigure the software or hardware of any STC computer or Network without proper authorization.
25. Conduct unauthorized not-for-profit business activities.
26. Conduct any activity or solicitation for political or religious causes.
27. Create, access, or participate in online gambling. Occasional access to information or websites of the Georgia Lottery Corporation shall not constitute nor be considered inappropriate use.
28. Knowingly evade Internet content filtering or other traffic monitoring tools using VPN, Proxy Services, or similar technologies.
Email and Communications Activities
1. Sending unsolicited
email messages, including the sending of "junk mail" or other
advertising material to individuals who did not specifically request
such material (email spam).
2. Any form of harassment
via email, telephone, or paging, whether through language,
frequency, or size of messages.
3. Unauthorized use, or
forging, of email header information.
4. Solicitation of email
for any other email address, other than that of the poster's account,
with the intent to harass or to collect replies.
5. Creating or forwarding
"chain letters", "Ponzi" or other "pyramid" schemes of any type.
6. Use of unsolicited email
originating from within STC's networks of other
Internet/Intranet/Extranet service providers on behalf of, or to
advertise, any service hosted by STC or connected via STC's network.
7. Posting the same or
similar non-business-related messages to large numbers of Usenet
newsgroups (newsgroup spam).
Abuse or misuse of computing/information technology services may violate this procedure, but it may also violate criminal statutes. Therefore, STC will take appropriate action in response
to user abuse or misuse of computing/information technology services.Violations of these policies incur the same types of disciplinary measures as violations of other STC policies or state or federal laws, including criminal prosecution. Action may include, but not necessarily limited to, the following:
1. Suspension or revocation
of computing privileges. Access to all computing facilities and
systems can, may, or will be, denied;
2. Reimbursement to
Southeastern Tech for resources consumed;
3. Other legal action
including action to recover damages;
4. Referral to law
5. Computer users (faculty,
staff and/or students) will be referred to the appropriate office for
End-user: Any person using STCs information systems and/or computers.
Ponzi: Fraudulent investment operation that involves
paying returns to investors out of the money raised from
Spam: Unauthorized and/or unsolicited electronic mass
Trojan horse: A program in which malicious or harmful code is
Virus: A software program capable of reproducing itself
and usually capable of causing great harm to files or other
programs on the same computer.
Computer theft: Theft of computer services, intellectual property such as copyrighted material, and any other property.
Computer trespass: Unauthorized use of computers to delete or alter data or interfere with others' usage.
Computer invasion of privacy: Unauthorized access to financial or personal data or the like.