HOMEWORK [WEEK 6] 1

Homework – Security Policy

Sanket Patil
DePaul University
5/9/2017, 10:30pm
Student ID: 1532254 / Email: sanket.patil1477@gmail.com
HOMEWORK [WEEK 6] 2

Security Policy

Acceptable Use Policy

A) Introduction to the Organization:

The security policies mentioned in the following document are for the University of Fullerton, which is
one of the highly-acknowledged universities in the Chicago area and it provides profound educational,
research and high technological platforms for students. The University has one of the best state of the art
facilities which includes provision for many technical activities. It has strong security platform which
protects the networking infrastructure and provides reliant access to high speed internet access, access
to latest proprietary software versions, advanced computer equipment, latest networking and security
components and other facilities. The following document would emphasize on the acceptable use policies
which needs to be implemented and followed for allowing every member of the University community to
have access and use of the facilities provided for proper educational progress and technological
advancement. They depict the cause and effect of the security policies used for safeguarding the
infrastructure of the University from unauthorized access and several other parameters.

1. Overview:

The main reasons for publishing the security policies for the University of Fullerton is to follow the goals
which are stated in the mission statement of the University which is to have enrichment, progress and
integrity of the academic disciplines. It is imperative to have all the resources, compliances and the
methods used in securing the information database of the University to be of a paramount stature and
have all the policies implemented in a standardized format. Also, it the responsibility of the users of the
University community to be adhered to the policies of keeping the components of the network
infrastructure in a secure state and be familiar with the rules and regulations pertaining to them. All the
resources which could be the internet related, computer access, the online storage platforms, storage,
the licensing of the software for University related purposes, email accounts, browsing are solely the
property of the University of Fullerton and care should be taken not to infringe the policies of the security
which are embedded into them. The University community should be responsible for their actions and
they should be familiar with responsibilities bestowed upon to them.

2. Purpose:

The purpose states that since the University is providing to the members of the University community
with all the facilities such the advanced computer equipment, the state of the art infrastructure to
perform prominent level technical activities, high speed internet access, the networking facilities, it is the
responsibility of the members of the University community to have a certain sense to have the prior
indication and receipt of having the importance of the proper use of the resources. It should be their
privilege to have all the advanced technical components at their disposal to aid them to become
technologically professed and have the knowledge to face out the real-world challenges. Consequently, it
is also necessary to have the resources use in a legal and ethical manner and to make no unnecessary
changes so that these resources are available to the next user in a sound state.

Therefore, the acceptable use policy indicates that the users should maintain the integrity of the facilities
and have no illegal prowess over any part of the components. If the member tries to break any of the
HOMEWORK [WEEK 6] 3

policies, rules and regulations of the organization, they are liable to disciplinary actions which could be
taken by the University and have their access and privileges taken away. This could be the network
privileges, the internet facilities, and other University resources. This document dictates the do’s and
don’ts of the rules and regulations of the University which needs to be comprehended. These guidelines
of the acceptable use of the policies has been implemented to have the understanding that the proper
and ethical actions of the members of the community could affect the other members in a certain way
and it would be fruitful to have these rules in place as it would be implement smooth and accurate
functioning of the University resources. The document also states the federal and state law placed in the
University policy agenda to have the necessary actions in place in case any member violates the rules and
laws in an unfitting way and they are subject to change.

3. Scope:

The policies which are implemented by the University is applicable to the students, faculty, workers, staff
members, guests, other employees and members which are accessing the resources of the University and
they should be liable for their actions and have proper understanding of the use of the information and
network equipment. The resources of the network and computing infrastructure include the computer
equipment of the University, the user-owned equipment requiring internet, storage and other facilities
access, the University owned email account access and other resources which are wholly and solely the
property of the University and are required to be used ethically and following all the rules and regulations.
The required exceptions to the rules and policies can be applied on the respective actions committed by
the members of the University and may have the appropriate conditions determining the accurate course
of actions. The policies are also applied to have the infrastructure components of the University which are
either owned or taken on a lease by the organization.

4. Policy:

4.1 Culpabilities:

4.1.1 The University community are responsible for the proper and appropriate use of the University
resources and have the resources in the exact stately condition and it was prior to the use of the respective
resource.

4.1.2 Members should have the control over the resources and staff and the employees should have the
check so that unauthorized access to the network environment of the University is not permitted to the
users. This could be done by having intrusion detection and prevention systems in place and to have
continuous monitoring over the network.

4.1.3 Employees of the security team are responsible for having the passwords encrypted and having the
network infrastructure safeguarded by implementing security components such as firewalls, malware;
anti-virus tools, sniffing mechanisms and these resources should be used and tackled by the authorized
employees and staff members.

4.1.4 In the University platform, it is encouraged to have proper communications between the security
staff members and the students, faculty and others on the several electronic activities which are occurring
on the campus and having a check on important notifications provided by the security team to be followed
precisely. The communication could include the notices of the spam mails and the illegal and harmful
HOMEWORK [WEEK 6] 4

attachments in the emails, notifying that it would provide unethical access of the intruder in the network
systems and it is strongly enforced to not have these emails opened and abolished completely. Also,
proper provisions should be made to have the communicating user authorized and making sure the
person is legitimately one of the University member who is intending to have the communication.

4.1.5 The University members are encouraged to have the resources of the University used an appropriate
manner and it should be seen that they are used in a way that does not disrupt the activities of any
members of the University. Some resources would require high usage of network parameter and it should
be seen that all the components are shared equally and fairly among other members of the University.
4.1.6 The members of the University community are bound to have their boundaries and should access to
the network environment which they are authorized to have access to. Unnecessary access to
unauthorized sections of the University should be strictly prohibited.

4.1.7 The rules and regulations of the security policies should be strictly followed by the users of the
University and should agree to the terms and conditions.

4.2 Security Requirements:

4.2.1 The members of the University should never share their account information pertaining to the
University resource to any other individual whether it may be friends, family members and others. This
could lead to have them access resources which they have no authority to pass through and this affects
the integrity of the University resources.

4.2.2 It is advisable to have the storage equipment of the users in check which could contain malicious
content and affect the security parameter of the University. Even though, the safeguarding of the network
infrastructure is in place, care should be taken by the individuals to have their storage devices which have
connection to the University computer equipment are virus, trojans free so that unethical intrusion does
not take place in the University environment.

4.2.3 In the University network platform, it is not advisable to have other network monitoring tools in
place which could be used to access systems which the individuals do not have the authority to do so. It
is imperative to have strong policy rules to have authentication and authorization systems in place, so
that illegal access to specific sections of the networks does not take place.

4.3 Unacceptable Use

Following are the policies which are implemented for the members of the University community which
should not be acceptable under normal circumstances. Only those individuals who have the right to use
and have proper authorization to have these policies in check are allowed to use them which could include
the employees of the security team, the network administrators and other staff. The individuals who are
a part of any individual activities other than these authorized policies are liable to have disciplinary actions
to be sanctioned against them and they could be under the University, federal or state law.

4.3.1 Providing University related information which are marked as confidential to the individuals outside
of the University community and having them access to the data which they are not authorized to have
an entry through. This provision for the unauthorized individuals to have access to the University
networking infrastructure should be strictly prohibited.
HOMEWORK [WEEK 6] 5

4.3.2 Using the University resources on a scale in which it affects the other members of the University to
have proper usage of them and making them unavailable for use. The facilities should be used
appropriately and every member of the University should be benefited equally by these resources so that
proper utilization takes place.

4.3.3 Making use of several monitoring systems to have a check on the systems without proper
authorization from the respective staff member is strictly prohibited. This gives a passage to the members
of the University to have unauthorized access to network systems.

4.3.4 Having illegal infringement in the network infrastructure, which include accessing the accounts of
the individuals which the users are not authorized to access, or logging onto the network systems which
the user is not intended to have access to. These users need proper authorization to seek an entry to
these systems and if not, they are prohibited to have an entry in the network.

4.3.5 Having access to the network systems for unrelated University work should be strictly prohibited.
This causes loss of resources which has no benefit to the University community.

4.3.6 Introduction of harmful network parameters such as malwares, trojans and other substitutes in the
networking infrastructure of the company.

4.3.7 Selling the University resources to the members outside of the University. This marks as a serious
offence with the security rules, regulations and strict disciplinary actions are bound to be taken against
the individuals committing such unauthorized actions. Proper management must be consulted prior to
having to do such actions.

4.3.8 Posing as someone else in the communication between the respective University members should
be avoided and proper actions should be taken by having proper authentication method in place so that
legitimate users are employed in the University related resource communication.

4.3.9 The University should have strict measures on the blogging of the facilities and the resources of the
University under restricted conditions. Proper authorization from the respective members of the
University should be taken before having to commit these actions.

4.4 Implementation:

4.4.1 As members of the University community, the proper implementation of rules, laws and regulations
should be implemented. They are provided so that the proper rights of the users of the University are
maintained and they have their right to exercise these security measures for appropriate usage of the
resources.

4.4.2 The University has the right to have implement all the necessary security parameters so that the
confidentiality, integrity and availability of the resources is maintained and the users take the benefit of
the several components they need for making technological and ethical progress.

4.4.3 The University takes specific measures to avoid the illegal reproduction of the resources of the
University which include, but are not limited to, the copying of the University data which could be the
HOMEWORK [WEEK 6] 6

music files, images, unauthorized copying of the proprietary software of the University, and other
parameters.

4.4.4 There should be the provision for freedom of opinion in the University community where the
individuals can express their view which are not against the rules and regulations of the University forum.
It is encouraged to have the expression of views and opinions which could not only benefit the University
community but also would have access to the ideas which could be implemented for the betterment for
the University from many point of views such as from improving the current facility infrastructure,
uplifting the security mechanism of the University and having to add any other components which would
make pathways to have more opportunities in the advancement of the resources of the University.

4.4.5 The members of the University should have proper rights to their personal and private use of the
University resources and also should implement policies which are of the appropriate use to all the
members of the University community.
HOMEWORK [WEEK 6] 7

References

• https://security.georgetown.edu/technology-policies/acceptable-use
• https://security.utexas.edu/policies/aup
• https://it.brown.edu/computing-policies/acceptable-use-policy
• https://www.sans.org/security-resources/policies/general/pdf/acceptable-use-policy
• https://offices.depaul.edu/mission-and-values/about/Pages/MissionStatement.aspx
• https://wdat.is.depaul.edu/is/_downloads/1_isaup.pdf
• https://www.depaul.edu/university-catalog/academic-handbooks/code-of-student-
responsibility/university-policies-applicable-to-students/Pages/acceptable-use-policy-network-
security.aspx