Slice 1 Created with Sketch.

Index > Operations Policies > Network Security Policy

Network Security Policy

Purpose

This policy is intended to protect RISD's ability to:

  • maintain a reliable college network and Internet connection to conduct RISD’s business
  • restrict access to institutional, research or personal data and information on the college network to authorized individuals, and
  • safeguard computer system and network integrity at RISD, and specifically, to protect college computing resources and/or information from unauthorized access as well as unintended and/or unauthorized disclosure of college information.

Policy Statement

Threats from the Internet scan the college network every day. Much of this scanning is done to determine the number and location of potentially vulnerable systems on the campus network. Attacks from the Internet have occurred in the past, and will most likely be attempted again in the future. These include the loss or corruption of data or unauthorized disclosure of information on research and instructional computers, student records, financial systems, and other aspect of college operations.

Policy

Network Connections

RISD maintains a high-speed connection to the Internet through wired and wireless access. Physical access to college networking equipment (routers, switches, hubs, etc.) is not permitted.

Network Security

In collaboration with academic and administrative departments, RISD shall identify the appropriate network security level for College systems. RISD will investigate, or cause to be investigated; any unauthorized access to College computer systems.

Systems on the network must have adequate security (e.g., antivirus, automatic operating system updates turned on, device firewall) installed and maintained. All systems connecting to the RISD network must be configured and maintained in such a manner as to prohibit unauthorized access or misuse. For example, guest accounts are strongly advised against. Use of guest accounts will be restricted to certain sub-sets of the campus network on a case by case basis. It is the responsibility of all RISD network users to report security problems to Information Technology Services (ITS) for investigation.

Some activities deemed inappropriate include, but are not limited to:

  • Establishing unauthorized network devices, including wireless access points (including student dormitories), a router, gateway, or remote dial-in access server; or a computer set up to act like such a device.
  • Engaging in network packet sniffing or snooping, operating network servers of any sort.
  • Setting up a system to appear like another authorized system on the network.
  • Other unauthorized uses prohibited by this policy, or RISD’s Responsible Use of College Computing Resources Policy.

Procedures

Monitoring and Auditing

To safeguard the integrity of the college's computing and electronic communication resources, and to minimize the risks to both those resources and the end users of those resources, RISD will monitor data traffic, utilizing a variety of tools and techniques, to detect unusual network activity and will review, and/or disclose data communications when in the college's judgment there is reasonable cause to suspect a violation of applicable college policy or criminal law.

Any device found to be in violation of this policy, or found to be causing problems that may impair or disable the network in any way, is subject to immediate disconnection from the college's network. RISD may require specific security improvements where potential security problems are identified.

Attempting to circumvent security or administrative access controls for information resources is a violation of this policy. Assisting someone else or requesting someone else to circumvent security or administrative access controls is also a violation of this policy.

Revision history

This policy was created on: March 2007

This policy was last reviewed/modified on: 10/30/2015

This policy was last reviewed/modified on: 4/26/2021

Next scheduled review: 1/1/2023

Responsibilities

Issuing Office

Information Technology Services

Responsible Officer

Chief Information Officer

Individuals/offices required for review and changes

Senior Vice President of Finance and Administration

Office of the General Counsel