Educause Security Discussion mailing list archives
Re: Guideline for Restricting Software
From: "Edwards, Francis" <FEdwards () MC CC MD US>
Date: Fri, 16 May 2003 14:20:16 -0400
Let me clarify my query. Like many other institutions, we have an Acceptable Use Policy already in place that handles the high-level requirements / restrictions, and quite intentionally in generic, non-specific terms. For example, users will - "neither endanger the security of any College computer or network facility nor willfully interfere with others' authorized computer use." - "connect to College networks only with equipment/computers meeting College technical and security standards." What we're working on now is a lower-level guideline / standard or whatever you care to call such a document. Its purpose is to identify specific categories (and occasionally specific products) that are restricted, possibly prohibited, and would require authorization to install / use. For example, products used in teaching information security courses are a deadly if not properly contained. In the academic environment, we can not say decree that people can use only what IT provides them. Francis -----Original Message----- From: Edwards, Francis Sent: Wednesday, May 14, 2003 12:47 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Guideline for Restricting Software Does anyone have a guideline or other document restricting the installation or use of specific software on institutional computers? I'm talking about the nasty stuff like KaZaA, vulnerability scanners, password crackers, etc. that have limited justification on a faculty or staff workstation. We're crafting something to document our need to restrict such products, permit use when justified / authorized, and our authority to have them removed. It always helps seeing what others have done when crafting the language. And it sure helps in making the case if others already have something similar in place. Thanks, Francis L. Edwards, II CISSP CCP Manager, IT Security Montgomery College Rockville, MD 20855-2759 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- Guideline for Restricting Software Edwards, Francis (May 14)
- <Possible follow-ups>
- Re: Guideline for Restricting Software Edwards, Francis (May 16)
- Re: Guideline for Restricting Software Randy Marchany (May 16)
- Re: Guideline for Restricting Software Scott Bradner (May 18)
- Re: Guideline for Restricting Software Scott Wimer (May 18)