Secure Computer Desktop Policy

This policy has been adopted by the President to support a full suite of administrative software applications in a cost-effective and efficient manner while enhancing security and reliability, by limiting the number of administrative (non-academic) users that have the capability to install software and or modify system files. This policy does not apply to faculty or their staff.

Administrative Computer Configuration Policy

Installation of software on campus-owned administrative computers shall be limited to a SUNY Oneonta standard configuration and other software necessary for the performance of the employee’s job. This shall be determined in consultation with the employee and her/his supervisor. Installation and support of all software will be the responsibility of the Administrative Computer Services staff. All computers purchased after the approval of this policy and those being upgraded to the MS2000, XP or later operating systems will be secured with SUNY Oneonta's standard software configuration and any other software deemed necessary for job performance after consultation with the employee and supervisor.

Rationale

Installation of software is the second leading cause of virus propagation second only to email. Viruses pose a serious security threat and unnecessarily burden computer support staff. A policy backed up by appropriate procedures will dramatically improve security and reliability by reducing the number of rogue applications (i.e. games, Kazaa, instant messaging, etc.) being installed by end users.

This policy will set forth the mechanisms by which data stored on campus-owned computing systems and utilized by SUNY Oneonta employees and students is more secure and better protected.

This policy will promote that:

• SUNY Oneonta can meet its record-keeping and reporting obligations as required by state and federal law, and local campus policies.
• SUNY Oneonta can comply with the Family Educational Rights and Privacy Act of 1974 (FERPA ‐ the Buckley Amendment), HIPPA, and other statutes and policies protecting the rights of individuals.
• SUNY Oneonta can consistently maintain data integrity and accuracy.
• SUNY Oneonta can assure that authorized individuals have timely and reliable access to necessary data and unauthorized individuals are denied access to computing resources.

Standard Configuration (as of January 2003)

Office XP (Word, Excel, Access, PowerPoint, FrontPage, Visio), Explorer (Internet Browser), Outlook (e-mail client), Adobe Acrobat (PDF file reader), WINQVT (terminal emulation), Banner (administrative student database), Antivirus software (currently Sophos), FTP (file transfer application), Plug-ins (view web pages that use multimedia, synch of PDA’s, etc.) This standard configuration may be modified by Computing Services as SUNY Oneonta needs and software options evolve in the future.

Exceptions

A supervisor may at his or her discretion request that an individual machine be given less restrictive privileges. For example, the use of certain applications may require an end-user to have full unrestricted access. Prior to making this decision supervisors should be aware of the risks, and act in a way to protect the information resources of SUNY Oneonta. Additional software can be requested by a supervisor and will be installed by administrative computing staff to ensure the computer continues to function consistent with established best practices.