9I果冻制作厂

Information Security Plan

We have instituted a computer-enforced policy that requires all users to change their password on a regular basis. This is standard practice in most modern networks and is required to help secure important data and system access.

If you haven’t been prompted to create a new password yet, you soon will be. In order to ensure security, the password you create must meet certain standards.

Setting passwords, best practice and what to聽avoid:

Have a password & do not share it with聽others.

A password serves as a means to authenticate the identity of the person using an account. Only the authorized user is meant to have access to the account and a password helps prevent misuse by unauthorized users. Remember, the authorized user will be held responsible for misuse of the account if the password is聽shared.

Make passwords hard to聽guess.

It is a safe bet a hacker knows all the tricks. Avoid using anything that is easily attainable online. Things such as your first or last name or a combination of them can be easily cracked. Account names are another example of something to avoid. Silly tricks such as making your password, 鈥減assword鈥� are also easily聽cracked.

础迟听尘颈苍颈尘耻尘鈥�

鈥�use password made up of a mix of upper and lower case letters, numbers and symbols, no less than 8 characters in length 鈥� preferably 12 or 16. These constraints combine to increase the complexity of your password making it much more difficult to crack.

Change your password on a regular聽basis.

You would be surprised how often you may accidentally expose your password to others. This will cut down on the possibility of misuse by others.

Store your password in a safe聽place.

While it is understandable that users often need to record their passwords, it really is not a good practice to write them down. Password lists should be stored in a safe place, such as a strongly encrypted file with a good encryption key. In any case, great care must be taken to safeguard the password when it is used and to be sure to return it to a safe storage immediately after聽use.

And so it聽follows鈥�

Do not leave passwords where others can find聽them.

Do not leave your password on a post-it on your desk or written down in any other places where someone could easily find it. Certainly do not write down, 鈥淭his is the password for 鈥�.鈥�. If you absolutely must write down your passwords, keep them in a secure, locked place. Also, do not leave your passwords where others can find them electronically. Never send them in email, post them to a site, leave them online in a file,聽etc.

Preferably, use a password keeper utility like聽听辞谤听.

The password that you can change here applies to 9I果冻制作厂 email, Microsoft Office 365, computer login, printer login, WiFi registration, intranet, and some other services.

It does NOT apply to the Engage online learning system, nor to WebAMC (also known as “Online Student Services” or “EmpowerWeb”).

For further support, please contact us at ITSupport@annamaria.edu or 508-849-3500.

Higher Education & Data聽Security

In General, our institutional systems are designed on the principles of free information exchange to accommodate diverse user populations. The concept of free exchange of information, ideas and research do however create unique security challenges. Compliance with various regulations including FERPA, HIPAA, PCI DSS as well as other state and federal privacy regulations often puts the burden of protection on all our shoulders. The following are beginning steps, we as a community can take, to share the security聽responsibility.

What is at risk?

• Personally identifiable information聽(PII)
• 颁谤别诲颈迟听肠补谤诲
• Bank account聽numbers
• 贬别补濒迟丑听谤别肠辞谤诲蝉
• Financial records of students and possibly their聽parents
• Registrar鈥檚 office聽information
• Financial aid聽information
• 搁别蝉别补谤肠丑听诲补迟补产补蝉别蝉

What steps can you take to better secure your聽information?

Use strong passwords and change your passwords聽often.

• Remember a strong password is one that is not obvious or easy to guess. A strong password should be a mix of upper and lower case letters, numbers and symbols, no less than 8 characters in length 鈥� preferably 12 or聽16.
• Do not share your password or username with聽others.
• Do not email your password to聽others.
• Always change the default password when you receive a new account that requires a password and assigns a聽default.
• Make it a practice to change your password every 90 days, especially when using public computers. This practice will better prevent people from knowing and utilizing your聽password.
• When setting up multiple accounts, use unique passwords for each聽account.
• Try not to write your passwords down; choose passwords that are easy to remember. If you must write them down, keep it in a secure place. Consider using a password keeper utility like聽听辞谤听.
• Do not log others into a computer with your password, as you are responsible for your聽account.

Use the standard anti-virus programs and be aware of steps to take to minimize computer virus risks. New viruses appear constantly and daily virus definition updating decreases the risk of computers becoming infected. All computers joining the 9I果冻制作厂 domain are mandated to be virus protected.

Email &聽Attachments

Remember, If you receive an unexpected email attachment, even if you know the sender, do not open the attachment unless you can answer 鈥淵ES鈥� to all three of the following聽conditions:

• I know exactly what this file聽is.
• I have scanned this file with my virus scan AND I have ensured that my virus scan was recently聽updated.
• I have verified the identity of the sender and their intentions via email or phone聽call.

What else can you聽do?

Do not save sensitive date to unsecured聽devices.

• Laptops, memory sticks, memory cards should be encrypted whenever sensitive data is聽involved.
• You can also encrypt data when sent via an聽email.

Purpose

This document defines the campus policy for the acceptable use of 9I果冻制作厂’s computing resources by employees and students.聽 Modifications and corrections, exceptions, and or changes to this policy may only be made by the Chief Information Officer.聽 The following guidelines are intended to supplement existing laws, agreements, and regulations.

Privacy

All 9I果冻制作厂 users will preserve the privacy information belonging to other individuals that is stored using College computing resources.聽 Users agree not to acquire, modify, distribute or delete any information belonging to another individual without explicit permission.聽 All users recognize that 9I果冻制作厂 is subject to the Family Educational Rights and Protection Act (FERPA) Buckley Amendment regulations regarding student records.

Private Gain

9I果冻制作厂 users agree not to utilize computing resources owned, leased, or maintained by the College for private financial gain, except for personal compensation from the College or with authorization by the College Administration.

Damage

All 9I果冻制作厂 users agree to exercise careful and responsible actions when handling computing devices and assume full responsibility for any loss, damage or destruction of such devices that is caused by negligence, misuse, abuse or carelessness.聽 Users will not cause intentional damage to computer systems including altering software configurations, records, or accounts.

Inappropriate Behavior

9I果冻制作厂 users agree not to take any actions that constitute inappropriate behavior including, but not limited to, the following:

• Utilizing another user鈥檚 account and password;
• Creating, accessing, or transmitting material considered sexually-explicit or pornographic;
• Unauthorized distribution of copyrighted material, including unauthorized peer-to-peer file sharing. 聽(Violators may be subject to civil and criminal liabilities;
• Intentionally infecting the network with malicious code (e.g. malware, spyware, viruses, etc.);
• Connecting networking equipment including but not limited to servers, routers, and wireless access points to the campus network without written authorization from the Information Technology Systems Office;
• Inappropriate, offensive, harassing or abusive language to other users in or outside the College;
• Tampering with or modifying equipment made available for use;
• Obtaining additional resources not authorized to the individual user or unauthorized access to systems.

Users connected with such activity will answer to the office of the Dean of Student Students for disciplinary action. 聽All illegal activities will be reported to the proper authorities and pursued under the laws of the State of Massachusetts.

Termination

All electronic access accounts remain the property of 9I果冻制作厂 and are subject to termination upon graduation, withdrawal from courses, leaving the College鈥檚 employ, or as directed by the Board of Directors, College Administration, or the Chief Information Officer.聽 Primary data backup is the user鈥檚 responsibility as College assumes no liability for loss via intentional or unintentional means.

Licenses and Restrictions

9I果冻制作厂 users must abide by patent and/or copyright restrictions that relate to the use of computer facilities, products, files, programs, or documentation.聽 Users may not copy or modify licensed software, files, and/or accompanying materials without the expressed consent of the licensee.聽 Users may not use any computing resources belonging to the College for the purpose of violating any software license agreement or any applicable local, state, or federal laws.聽 All privately-owned software loaded on any College system must be installed by ITS or approved for install by the Chief Information Officer and a copy of the licensing agreement placed on file.

Summary of Civil and Criminal Penalties for Violation of Federal Copyright Laws

Copyright infringement is the act of exercising, without permission or legal authority, one or more of the exclusive rights granted to the copyright owner under section 106 of the Copyright Act (Title 17 of the United States Code). These rights include the right to reproduce or distribute a copyrighted work. In the file-sharing context, downloading or uploading substantial parts of a copyrighted work without authority constitutes an infringement.

Penalties for copyright infringement include civil and criminal penalties. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or 鈥渟tatutory鈥� damages affixed at not less than $750 and not more than $30,000 per work infringed. For 鈥渨illful鈥� infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also asses costs and attorney鈥檚 fees. For details, see Title 17, United State Code, Sections 504, 505.

Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense. For more information, please see the web site of the聽.

Movies, Television, and Public Performances

9I果冻制作厂 students are subject to copyright laws and guidelines governing public performances, including movies. Using discernment of their viewing choice, students may watch movies in their own residence hall room. Prior to hosting a movie screening, 鈥淧ublic Performance Rights鈥� must be purchased through a legal licensing organization. Purchasing or renting a movie is not the same as purchasing a public performance license.

A screening is considered a public performance, and therefore not permitted, if viewed:

• in a residence hall room for an event, program, or large number of guests
• in residence hall lounges
• in the Dining Hall
• in the Chapel
• in classrooms and conference rooms except during course instruction
• at any outdoor location on campus

Further information, including specific guidelines about movie viewing and public performance, please contact the Student Affairs Office.

What is聽Encryption?

Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood without decryption. Decryption is the process of converting encrypted data back into its original form, so it can be聽understood.

Do not give away the聽key!

Remember: your Anna Maria Network username and password are the key.

The use of encryption/decryption is as old as the art of communication. In wartime, a cipher, often incorrectly called a code, can be employed to keep the enemy from obtaining the contents of transmissions. (Technically, a code is a means of representing a signal without the intent of keeping it secret; examples are Morse code and ASCII.) Simple ciphers include the substitution of letters for numbers, the rotation of letters in the alphabet, and the 鈥渟crambling鈥� of voice signals by inverting the sideband frequencies. More complex ciphers work according to sophisticated computer algorithms that rearrange the data bits in digital signals. In order to easily recover the contents of an encrypted signal, the correct decryption key is required. The key is an algorithm that undoes the work of the encryption algorithm. Alternatively, a computer can be used in an attempt to break the cipher. The more complex the encryption algorithm, the more difficult it becomes to eavesdrop on the communications without access to the key.

Leave nothing聽unattended.

We are all responsible for Information Security Awareness. Be sure that you lock your door if you leave your office, even if it is just for a short time. If you are in an open office be sure that there are other members of the staff who know that you are going to be away and secure your laptop in a locked drawer of your desk whenever聽possible.

Use the Windows+L keyboard keys to secure your Windows computer, which will require someone to log in to view the open applications/documents. Other devices should have a similar lock sequence. If this does not seem feasible, please contact the Information Technology so that we can discuss your situation and provide assistance.

Change Empower Password
Change Online Resources Password
FAQ Advisor Online Registration
Open a Shared Calendar in Outlook
Retrieve Attendance Records
Retrieve Class Rosters
Share Calendar via Outlook
SMARTBoard Quick Hints
Submit Grades

Print from Your Personal Computers
Quick Guide to Technology
Web Registration

When ordering a personal computer ITS recommends purchasing a computer with these specifications:

• Processor 鈥� dual core 2.4 GHz+ (i5 or i7 series Intel processor or equivalent AMD)
• RAM 鈥� 16 GB
• Hard Drive 鈥� 256 GB or larger solid state hard drive (“SSD”)
• Wireless (for laptops) 鈥� 802.11ac (WPA2 support required)
• Operating System 鈥� Windows 10 Home or Professional editions, or Apple OS X 10.14
• Backup Device 鈥� External hard drive and/or USB Flash Drive

The majority of Anna Maria’s computing resources and backend systems are built on the Windows platform. If you are coming to Anna Maria with a particular program of study in mind, you may want to check with your academic department to see if they have a preferred computing platform.