Security
IT Policies
Code of Ethics for Computing & Communications
Faculty, Staff, Students and Guests have an obligation to exercise safe, responsible, ethical behavior when using the University's computers, information, networks and resources, and must abide by University policies and local, state, and federal laws.
View the Code of Ethics for Computing & Communications
IT Information Security Plan
ResNet Acceptable Use
This is an official agreement that each student undertakes when registering for/connecting to ResNet service.
View the ResNet Acceptable Use Policy
Backup & Retention
Time parameters for backups for various IT systems.
View Backup & Retention Policy
IT Guidelines
Privacy
EKU adheres to the federal guidelines concerning student privacy. The Family Educational Rights and Privacy Act (FERPA) affords students certain rights to privacy with respect to educational records. EKU adheres to this guideline and prohibits inappropriate use of student information.
Visit the official government site for information regarding FERPA
Copyright, Plagiarism, and use of Peer-to-Peer
All copyrighted information, such as text, recordings, and images, retrieved from electronic resources or stored, transmitted or maintained with electronic resources, must be used in conformance with applicable copyright and other laws. Copied material, used legally, must be properly attributed in conformance with applicable legal and professional standards. While peer-to-peer usage can provide a beneficial file sharing service, it also provides an opportunity for abuse, infringement and virus transmission, as there is no filtering of this sort of data transmission. EKU strictly prohibits any form of copyright infringement, including illegal media downloads, plagiarism, bootlegging, or any other illegal use of materials.
Illegal downloads are often detected and reported by the movie and recording industries, and IT Security is notified so these incidents can be managed appropriately, including disciplinary and/or legal actions. EKU is required by Federal Law to respond to notifications of copyright violations on its networks. Offenses such as illegal use of peer-to-peer will result in consultations with university officials, and may result in disciplinary actions, up to and including suspension or termination of network privileges, expulsion, or dismissal. In addition, the names of the violators will be referred to the appropriate authorities for criminal or civil prosecution.
Per the EKU Code of Ethics for Computing and Communications and Federal Laws regarding copyright infringements, all copyrighted information retrieved via electronic sources within EKU networks must be used in conformance with applicable copyright protection laws. See U.S. Copyright laws.
Passwords
Employees are required to change network passwords every 90 days. The use of "Strong" passwords and passphrases is encouraged. Sharing passwords is not permitted and can be grounds for disciplinary action.
IT Password Protocol Policy
Password & Accounts: Employees
Password & Accounts: Students
The Payment Card Security Incident (PCI) Response Plan (supplements the University Incident Response Plan)
This policy addresses credit cardholder security. The major card brands (Visa, MasterCard, Discover, and American Express) jointly established the PCI Security Standards Council to administer the Payment Card Industry Data Security Standards (PCI DSS), which provide specific guidelines for safeguarding cardholder information. One of these guidelines requires that merchants create a Security Incident Response Team (Response Team) and document an Incident Response Plan (IRP).
This document defines the roles and responsibilities, handling, reporting/notification, and communication requirements for the incident response plan at Eastern Kentucky University (EKU).
For the purpose of this Plan, an incident is an event in which cardholder data in any format, physical or digital media (truncated card numbers are not cardholder data), has been or is believed to be lost, stolen, or accessed by an individual unauthorized to do so.
This Incident Response Plan is dependent upon the merchant and/or cardholder data environment (CDE) Resource and Data Owners being compliant with the Payment Card Industry Data Security Standard (PCI DSS) and all applicable EKU IT Security policies.
This Incident Response Plan will be reviewed and tested annually by the PCI Response Team to account for changes to/updates in the environment and/or industry trends.
Technology & Web Accessibility
To develop and foster a university-wide culture of technology accessibility, focusing on a proactive approach, rather than ad hoc responses to immediate needs. To identify best practices and opportunities to implement them in support of all individuals who use technology. The Technology Accessibility Council will assess the university’s regulatory compliance with ADA, as well as other legal requirements, as it relates to technology and provide direction and oversight to ensure compliance and a proactive culture of technology accessibility.
View Accessibility Website
Information Technology (IT) Account & Assets
HR processing of the Position Action Form (PAF) indicating employee separation will result in termination of security codes, e-mail accounts, and any additional Information Technology accounts.
View Employee Separation from Employment
LISTSERV and Mass Email
Faculty and Staff are required to follow proper policy and procedures when sending campus-wide communications.