С��è��ý

BP 8211 Personal Mobile Computing

Statement of purpose

С��è��ý provides many technology products and services to support the academic and administrative needs of the College. Individuals who use the College’s IT resources are expected to follow certain defined behaviors in order to minimize information security risk and protect the College and its constituents.

Protecting students, faculty and staff from the risk of identity theft or unauthorized disclosure of personal information is the primary goal of adopting the best practices described in this policy.

This policy enables С��è��ý IT staff to perform key operational and maintenance tasks, manage information security, and respond to legal requests.

Students, faculty, and staff often require access to С��è��ý’s wired and wireless networks using personal mobile computing devices (a.k.a. “BYOD” or “Bring Your Own Device”). This policy seeks to protect the integrity, availability, and performance of IT resources from intentional or inadvertent disruption by personally owned devices.

С��è��ý IT staff administer all IT resources connected to the network. Because IT does not administer personal devices, these devices present significant risk to the normal operation of the College when connected to the network.

Scope statement

All С��è��ý (С��è��ý) employees, students, and affiliates or other third parties that create, use, maintain, or handle С��è��ý IT resources are subject to this policy. This policy applies to use of all С��è��ý owned and managed IT resources, use of any computer or mobile device connected to a С��è��ý network, all controlled sensitive data stored or transmitted using С��è��ý IT resources and all users of such data.

Policy summary

Personal technology devices such as personal laptops, tablets, and cell phones shall only be deployed on С��è��ý networks in accordance with defined С��è��ý connectivity and usage policy.

Policy

General

• Use of BYOD is subject to all other С��è��ý Policies.
• The theft or loss of a BYOD that was used to connect to internal С��è��ý services shall be reported to the С��è��ý Computer Service Desk at 971-722-4400 (or x4400) immediately.
• All BYOD with direct connectivity to the Internet (e.g. laptops used by employees) that are used to access the С��è��ý network shall have personal firewall software installed and activated.

Wireless connectivity

• Guests shall connect BYOD to the Wireless Guest Network (С��è��ý-Guest) using a С��è��ý-issued temporary user ID and password.
• Students, faculty, staff, and affiliates shall connect BYOD to the Wireless С��è��ý Network (С��è��ý-WiFi) using the required authentication mechanism approved and issued by С��è��ý.

Wired connectivity

• Students, faculty, staff, and affiliates shall not physically connect BYOD to С��è��ý networked workstations or wall jacks (see Exemptions).

VPN connectivity

If students, faculty, staff, or affiliates connect to С��è��ý networks via VPN using either a BYOD or С��è��ý supported device:

• If BYOD, the user is responsible for ensuring the device meets С��è��ý security standards.
• If a С��è��ý supported device, the user must ensure that the device is available for regular security patching.

Affiliates

• Affiliates may be granted VPN access per the defined authorization process for the required period only.
• Where feasible, a С��è��ý owned and managed device shall be issued to the affiliate for this purpose.

Exemptions

USB drives (“thumb drives”) may be connected to computer USB ports.

• Users should only physically connect personal USB drives when no other alternative is feasible (Example: download data via the wireless network instead of using a USB drive to physically connect).
• С��è��ý provides re-charging stations and charge adaptors for recharging BYOD such as personal laptops – do not recharge using С��è��ý computer USB ports.
• С��è��ý recommends using encrypted USB drives.
• Scan USB drives for malware prior to connecting to IT resources.

Exceptions

None.

Policy violation

Report non-security-related violations (such as receipt of inappropriate content, other People, Strategy, Equity, and Culture (PSEC) policy violations, general college policy violations, or regulatory compliance violations) to a supervisor, PSEC, or EthicsPoint.

Violation of this policy may result in disciplinary action in accordance with С��è��ý People Strategy Equity and Culture (PSEC) and/or Student Conduct guidelines.

С��è��ý reserves the right to report security violations or compromises to the appropriate authorities. This may include reporting violations of Federal, State, and local laws and regulations governing computer and network use, or required accreditation reporting.

Anyone who violates this policy may be held liable for damages to С��è��ý assets, including but not limited to the loss of information, computer software and hardware, lost revenue due to disruption of normal business activities or system down time, and fines and judgments imposed as a direct result of the violation.

С��è��ý reserves the right to deactivate any user’s access rights (whether or not the user is suspected of any violation of this policy) when necessary to preserve the integrity of IT resources.

Complaint procedures

Report information security and general technical policy violations to the IT Service Desk at 971-722-4400 or servicedesk@pcc.edu, or contact the CIO or CISO.

Governing standards, policies, and guidelines

None.

Definitions

• Affiliate
  Any person or entity that has been sponsored by a С��è��ý manager to receive controlled temporary access to С��è��ý services.
  • This is generally as a result of a contractual relationship with С��è��ý. For example, an air conditioning vendor may require affiliate access to test the HVAC system. A consultant project manager may require affiliate access to access project plans on a С��è��ý system.
• Authentication
  Any process by which a system verifies the identity of a user who wishes to access it.
  • Since access control is normally based on the identity of the user who requests access to a resource, authentication is essential to effective security. For example, when someone logs into myС��è��ý, the user-ID and password entered authenticates that the person logging in is the owner of the account.
• Chief Information Officer (CIO)
  Senior manager of the Information Technology (IT) Department and a member of Cabinet.
  • At С��è��ý, the CIO is responsible for all technology, with the exception of:
    • Online Learning (Academic Affairs)
    • Some specialized technology that supports CTE or other engineering programs (e.g. software that supports machine labs, specialized dental technology, etc.)
    • Some technology that supports auxiliary services (e.g. Point of Sale systems in the cafeterias and bookstores)
• Chief Information Security Officer (CISO)
  Senior manager responsible for information security compliance at С��è��ý.
• IT Resource
  (At С��è��ý) All Information Technology (IT) resources that are the property of С��è��ý and include, but are not limited to, all network-related systems; business applications; network and application accounts; administrative, academic and library computing facilities; college-wide data, video and voice networks; electronic mail; video and web conferencing systems; access to the Internet; voicemail, fax machines and photocopiers; classroom audio/video; computer equipment; software and operating systems; storage media; Intranet, VPN, and FTP.
  • IT Resources include resources administered by IT, as well as those administered by individual departments, college laboratories, and other college-based entities.
• Malware
  Short for “malicious software,” malware refers to software programs designed to damage or do other unwanted actions on a computer system. Common examples of malware include viruses, worms, Trojan horses, and spyware.
• Network
  (In IT) The technology that carries messages between one computer and another.
  • A network is a primary component of technology infrastructure and consists of hardware (e.g. routers, switches) that control and direct traffic; transport technologies (e.g. cables, fibre, wireless radio waves) that transport messages from Point A to Point B; and standards (e.g. Internet Protocol, Ethernet) that facilitate a common understanding of the messages being sent and how they are to be processed.
  • End points (or nodes) on a network are the senders and receivers of the messages and are usually computers (e.g. servers, desktops, laptops) – but can also be technology such as machine controllers, audio/visual devices, etc.
  • The Internet of Things (IoT) largely replaces people interacting across a network with machines and other technology devices interacting across a network, often using artificial intelligence (AI).
• Port
  (In IT) The end point of a network message. If network addresses are like a street address, port numbers are like suite or room numbers. Access to a network or computing resource can be controlled by identifying what messages are permitted to pass through a specific port.
  • A network port is a process-specific or application-specific software construct serving as a communication endpoint, which is used by the Transport Layer protocols of Internet Protocol suite, such as User Diagram Protocol (UDP) and Transmission Control Protocol (TCP).
• USB “Thumb” Drive
  A portable data storage device that includes flash memory. Has a USB connector that plugs into the USB socket on a computer.
• User
  Any person who makes any use of any С��è��ý IT resource from any location (whether authorized or not).
• Virtual Private Network (VPN)
  A dedicated, secure connection between a client computer and a computer network. Usually used to support secure “remote access” to a network (e.g. working from home).
  • A VPN provides a secure communication channel over the Internet between a remote device (e.g. home computer) and С��è��ý’s internal network. The VPN requires authentication to set up the channel and encrypts all traffic flowing through the channel.

Responsible executive

Chief Information Officer

Responsible officer

Chief Information Security Officer (CISO)

Responsible office

Information Technology Department

Last revision date

09-09-2024