Bradley University Skip repetative navigation
Attending Bradley Apply Online Student Life Our Community Visit Us A to Z Index Search Home

Home

Account Management

Committees

Computer Sales

HelpDesk

Outlook Web Access

Personnel

Policies (misc)

Policies (security)

Resources/Services
 

Computing Services
Policies

Computer Security Policy
May 10, 2000

Introduction
Computer security is important because:

  • We are obligated to protect the confidentiality of records related to Bradley University's students and faculty.
  • We need to protect Bradley University's records from unauthorized access or tampering.
  • We need to protect the academic work of Bradley University's students and faculty.
  • We need to maintain the availability of computing resources for their intended use.

The press frequently reports incidents of hackers breaking into systems, changing records, and sabotaging equipment. Institutions of higher education are easy targets for hackers because of their preference for open access to computing resources by a diverse constituency.

The purpose of this policy is to ensure an appropriate level of security on our computers and records while maintaining an open, accessible environment.

Administrative Computers

For security purposes, a computer is considered an administrative computer if it supports one or more of Bradley's administrative offices, or contains confidential university information. For example, the servers supporting Admissions, the Smith Career Center, Facilities, and the Health Center are clearly Administrative computers.

What is less obvious is that when a manager uses a PC to prepare a budget, or personnel evaluations, that computer contains confidential Bradley information and should be treated as an administrative computer.

The security on administrative computers will be held to a higher standard than computers that are used only for academic purposes.

Security Requirements

  1. Each individual needing access to a multi-user computer or server will have their own individual login. Multiple individuals cannot share a single computer login.
  2. On administrative computers
    1. When an employee leaves Bradley, Computing Services will disable that individual's accounts on all computers immediately. Exceptions require written authorization from the unit head. If the employee changes departments within the University, logins specific to the old department will be removed. General-use logins will have the privileges associated with them changed accordingly. Computing Services will attempt to identify all employees leaving the University or moving to other assignments, but has no way of identifying all actions that have an impact on staff computer access rights. Departments are responsible for notifying Computing Services of internal changes that may have an impact on an employee's access rights.
    2. Any login not used for a period of four months will be removed. Summer months (June - August) will not be counted for faculty members.
  3. On academic computers, termination of accounts is more complex:
    1. Faculty will have their accounts terminated after their departure. Short term extensions (30 days) to facilitate transfer of academic information to a different institution may be granted at the request of the faculty member. Other exceptions require written authorization from the department chair or unit head.
    2. Students will have their computer accounts terminated at the beginning of the first semester in which they do not register. Student accounts can be extended for one semester upon request of a student without a pattern of computer abuse as defined in Computing Services' Computer Misuse Policy.
    3. Students with computer accounts provided solely because of registration for a particular class will have those accounts terminated when they drop the class, or at the beginning of the semester following their use if they remain enrolled for the duration of the class.
  4. The owner of a login must choose a password according to guidelines published by Computing Services, and keep the password a secret. Passwords should not be written down, nor programmed into scripts or function keys.
  5. A password should be changed whenever there is any reason to suspect that it may have been compromised (such as someone looking too closely at your fingers while you were typing it), and should be changed every month or so even if there is no reason to suspect a problem. Where possible, administrative systems will force password changes at least every 35 days.
  6. If an administrative computer user leaves the immediate vicinity of his or her terminal or PC, and it is not in a secure area, the individual must log off or take other steps to prevent someone from using the computer (such as a screen saver program that requires a password).
  7. Diskettes that contain sensitive information should be stored as securely as paper containing the same information. Computers with sensitive information on their hard disks should be appropriately password protected.

Compliance

Responsibility for compliance with this policy resides with each individual using computers at Bradley. Computing Services personnel will periodically test the security of our computer systems. When a potential security problem is identified, the responsible individuals will be notified and corrective action should be taken within 24 hours. If the problem is not corrected within that time, the Director of Computing Services will take steps to resolve the problem through the appropriate administrative channels.




Page Managed by Mona Hutchison


Go back to the top of the page
 Go back
© 2006 Bradley University • 1501 W. Bradley Avenue • Peoria, Illinois 61625 • 309/676-7611 • AccessibilityDisclaimer