Educause Security Discussion mailing list archives

Re: computer use policy

From: Gary Flynn <flynngn () JMU EDU>
Date: Thu, 15 May 2003 14:57:16 -0400

John Isenhour wrote:

I've always found that policy documents need to stay a bit nebulous
rather than specific in order to remain effective, so using
"disruptive" or
"illegal" is better than "KaZaa".


One model that we've explored is to have a policy remain in
its natural nebulous state <grin> but reference a "standard"
that spells out specifics.

Ergo, policy may mention a responsibility to follow university
software standards while the standard itself is the proverbial
living document that specifically lists approved or banned software
packages according to issues and technologies of the day.

Academic policy is fundamentally different from some business or
military type policy in that ours is "you can do anything but this"
where as the other is "you can only do this and nothing else".


With the "you can do anything but this" strategy, one can still
accomplish quite a bit if the "this" is defined in general
terms rather than in specifics.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.

Current thread:

computer use policy John Isenhour (May 15)
- <Possible follow-ups>
- Re: computer use policy Gary Flynn (May 15)
- Re: computer use policy Ken Shaurette (May 16)
- Re: computer use policy Randy Marchany (May 16)
- Re: computer use policy Bruhn, Mark S. (May 16)