Rules of the Road

Access to Information Resources
All personnel (faculty, staff, and students) must acquire a user id and pass word before accessing Valencia Community College information resources. This access is approved by representatives of the information resource owner and processed through the Office of Information Technology. This access is reviewed at least annually to ensure that it is still valid.  When the access is no longer valid, the Office of Information Technology terminates it.

Access to Confidential/Sensitive Information
Access to confidential and sensitive information is restricted to individuals who are authorized by owners on a strict "need to know" basis. Owners of confidential and /or sensitive information are responsible for classifying the data. Resources containing this information should be clearly marked. Managers should be aware of which personnel are in positions of special trust.

Use of Valencia Community College Information Resources
Valencia Community College information resources provided to faculty, staff, and students are owned by Valencia Community College and are to be used for College related activities only. Resources are not to be used for commercial purposes and/or personal financial gain or for any other non-university-related activities. When off-site Valencia Community College terminals are used to access University information resources, their operation must be only for university business. At no time should Valencia Community College information resources be used to disrupt, damage, degrade, or obstruct systems/networks. University resources should not be used to gain unauthorized access to systems, subvert restrictions associated with computer accounts, or obtain additional resources. Users are responsible for their own individual accounts and should never make them available to others. User IDs and passwords exist for account protection and should not be compromised.

Email
Email should be considered the same as printed communication and should meet the same standards of taste, professionalism, accuracy and legality that are expected in printed communication. Fraudulent, harassing, threatening or libelous messages should not be transmitted and personal or sensitive information about individuals should not be posted without their consent. Junk mail (e.g. random mail, chain letters, etc.) is unacceptable. All messages must correctly identify the sender. If you are being harassed via email, immediately notify the Office of Information Technology. It is not the intent of the University to monitor email in the absence of policy or law violations. Email is subject to disclosure to third parties under the Florida Sunshine Law or through subpoena or other processes.

Copyright
Copyrighted material includes, but is not limited to, software, audio recordings, video recordings, photographs and written material. Copyright policy can be complex and fairly confusing but the following general guidelines apply to Valencia Community College:

Software licensed to the university may be copied only if explicitly authorized by the software developer.

Copying software licensed to the University onto a personal home computer must be expressly authorized in the license agreement.

Multiple use over a network must also be specifically authorized in the license agreement.

Users must have permission to access, copy, or transport data maintained by other University users.

Faculty, staff, and students may not use unlicensed or unauthorized copies of software on University-owned computers.

Please refer to the Valencia Community College IT policies for more information.

TOP

Information Security Links

Documents

• Collections of Documents

• CERT Tech Tips on Improving Security
• CIAC Documents
• The Cryptography Project
• Hideaway.Net - Security Texts

Security Advisories

• Advisories from Independent Groups
  • AUSCERT Advisories
  • CERT Advisories
  • CIAC Bulletins
• Advisories from Vendors
  • Microsoft Security Advisor
  • OpenBSD Security Views

T

Quick Definitions

"Hacking" is defined as making a modification to something to improve it or to make it do something it was not originally intended to do.  A hacker is someone who will seek out security flaws or holes in a computer or telephone system. Currently, the term "hacker" has a negative connotation from the media, but the original meaning was in fact complimentary.

"White hat" hackers are individuals who endeavor to identify security weaknesses, and point these weaknesses out to the companies whose systems they have penetrated.  This allows the company to fix these problems, before "black hat" hackers can find and exploit the same flaws with malicious intent.

There are two types of "white hat" hackers.  One group includes individuals who are hired by a company to test their security systems.  The other group pursues hacking as an avocation -- they are uninvited guests who penetrate security systems for the enjoyment of being able to do it.  These uninvited white hat" hackers are also know as "grey hats".

• White Hat Sites
  • Computer Incident Advisory Capability
  • CERT Coordination Center
  • SANS Institute
  • MOREnet Security
  • Security Focus
• Grey Hat sites
  • Insecure
  • PacketStorm
  • Nomad Mobile Research Centre
  • AntiOnline
• Black Hat Sites
  • Cult of the Dead Cow
  • Phrack Magazine
  • HappyHacker
  • The Hacker's Choice
  • Attrition

TOP