Re: User's not following the rules

["Mehmedovic, Jenny" <jmehmedo () KU EDU>]

We use the following general language or something like it in most of
our information technology-related policies, so that misbehavior or
violation of policies can be assessed on a case-by-case basis.  Our
Information Security policy gets a bit more in-depth & detailed.  See
https://documents.ku.edu/policies/Information_Services/Information_Techn
ology/Security_Policy/Security_Policy.htm. 
 
Feel free to browse our other IT policies at
http://www.policy.ku.edu/category.shtml?8.
 
Whatever approach you decide to take, make sure you involve your Human
Resource & General Counsel offices.  We feel strongly here that any
disciplinary action taken should occur within the department & under
advisement of HR & Counsel (i.e., IT is not the one meting out the
disciplinary measure...) 
 

_______________________________

Use of University electronic information resources contrary to this
policy, University or Regents' policies, or applicable federal, state or
local law is prohibited and may subject the user to disciplinary action
including, but not limited to, suspension of the user's access to the
electronic information resources. Users also should be aware of other
possible consequences under University or Regents' policies and federal,
state, or local laws, particularly those related to computer crime and
copyright violation. 

______________________

Faculty, staff and student employees who violate this university policy
may be subject to disciplinary action for misconduct and/or performance
based on the administrative process appropriate to their employment. 

 

Students who violate this university policy may be subject to
proceedings for non-academic misconduct based on their student status. 

 

Faculty, staff, student employees and students may also be subject to
the discontinuance of specified information technology services based on
the policy violation.

___________________________________________

Employment actions should be handled by the appropriate department with
the advice and guidance of Human Resources/Equal Opportunity and the
Office of the General Counsel.  Student disciplinary actions should be
handled by the appropriate department in collaboration with Student
Success.

___________________________________________

Jenny Mehmedovic 
Assistant to the Provost 
University of Kansas 
(785) 864-4904 
jmehmedo () ku edu 

 

________________________________

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sachnoff, Neil
Sent: Thursday, September 18, 2008 5:52 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] User's not following the rules



Last time we tried to push this concept the institution was unwilling to
place in policy what the penalties would be. We have many unions on
campus.

 

/Neil  

Neil S. Sachnoff, Executive Director, Information Technology
Middlesex County College 
2600 Woodbridge Avenue, JLC Rm. 209 
Edison, NJ 08818-3050 

 PThink before you print

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James Farr '05'
Sent: Wednesday, September 17, 2008 3:40 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] User's not following the rules

 

We are currently evaluating what to do when a user does not follow the
Information Security Policies adopted by the institution.


Currently our policies are handled on a case by case basis.  There are
no set forth policies that clearly state if you provide your password to
another user x,y,z, will happen.

 

Does anyone have a guideline they can share on what happens when a user
does not follow the established rules.

Do you test users on their understanding of the security policies?

If so are penalties more sever if the user demonstrated knowledge in the
area?

Do sanction change based on the number of times they do not follow the
policy?

 

Thank you for your time

James Farr

Utica College

Information Security Officer