Information Services

Office-Set-Up

Information Services And Technology

Welcome to Judson University Information Systems and Technology (IST)! We serve the computer and technology needs of students, faculty, staff, and visiting lecturers.

Find helpful instructions in our Knowledge Base or submit a ticket through our IST Helpdesk. We can be reached by phone at 847-628-5040. If you are looking to visit us in person, our office is located on the second floor of the University Center.

Cybersecurity

Cybersecurity Prevention

WHAT IS PHISHING?
Scammers attempt to steal information by posing as another person or organization. Email is the venue most associated with phishing. The scammer is phishing for login credentials (username and password), banking information, etc. Scammers use many tactics such as using the Judson University logo or changing the email sender the address to look like it is being sent by a professor or department. They may even go so far as to create a webpage that mimics Judson’s website.

Don't-Get-Hooked

Protect Yourself

  • Never respond to emails requesting personal information or account details.
  • Don’t click on embedded links or open attachments from strange or suspicious emails.
  • Keep your browser up-to-date and use anti-spam filters.
  • Use separate email addresses for personal use and public forums/accounts.

CYBERSECURITY PRECAUTIONS

Secure Your Devices

  • Do not leave your phone, laptop, iPad, or tablet unattended. Keep your device with you or in a secure location.
  • Use complex passwords and lock codes to secure your data in the event your device is lost or stolen.
  • Lock or power off your workstation when you leave your desk, even for a short period. Require a password login when you return.

Protect your Personal Information

  • Never give out your login credentials (username and password) to anyone. Change your password regularly.
  • Before entering your personal information on a website, be certain it is legitimate and secured using HTTPS. Never give us your username, password, or ID number in an email.

Install an antivirus program that frequently scans your computer for malware.

Judson University provides information systems and technology resources to a large and varied group, including faculty, staff, students, and guests. All members of this community are accountable for using these resources and respectfully text sensitive university information and following the Information Systems and Technology policies and procedures.


Cybersecurity Awareness Training

Cybersecurity awareness training provides employees with the knowledge and understanding of cybersecurity principles and precautions. This type of training prepares employees to identify and respond appropriately to hacking attempts, phishing, and malware infections. All employees are required to complete yearly cybersecurity training.

WATCH Now

Watch the Cybersecurity Awareness Training Video from our most recent training.

Sep 26, 2017

Technology Policies

Acceptable Use Policy

JudsonUniversity’s technology infrastructure exists to support the organization and administrative activities needed to fulfill the organization’s mission. Access to these resources is a privilege that should be exercised responsibly, ethically, and lawfully.

The purpose of this Acceptable Use Policy is to establish the University’s position relating to the acceptable use of its technology and the role each member of the organization has in protecting its information assets, and communicate minimum expectations for meeting these requirements. Fulfilling these objectives will enable Judson University to implement a comprehensive system-wide Information Security Program.

 

 

 

This policy applies to all users of computing resources owned, managed, or otherwise provided by the organization. Individuals covered by this policy include, but are not limited to all employees, students, and service providers with access to the organization’s computing resources and/or facilities. Computing resources include all Judson University-owned, licensed, or managed hardware and software, email domains, and related services and any use of the organization’s network via a physical or wireless connection, regardless of the ownership of the computer or device connected to the network.

Judson University will make every reasonable effort to respect a user’s privacy. However, employees or students do not acquire a right of privacy for communications transmitted or stored on the organization’s resources. In addition, in response to a judicial order or any other action required by law or permitted by official Judson University policy or as otherwise considered reasonably necessary to protect or promote the legitimate interests of the organization, the University reserves the right to access, review, intercept, monitor and/or disclose data created, transmitted, accessed, and/or stored on the University’s network and/or computer equipment. Examples of situations where the exercise of this authority would be warranted include, but are not limited to, the investigation of violations of law or the organization’s rules, regulations, or policy, or when access is considered necessary to conduct University business due to the unexpected absence of an employee or to respond to health or safety emergencies.

The campus network is maintained and provided to assist in the conduct of the University’s business. The network is University property, and all data composed, created, transmitted, and/or stored on the network, is and will remain University property, not the private property of any individual. Data residing on personally-owned workstations that are connected to the campus network is not considered to be University property, but any data created, transmitted, accessed, and/or stored on the campus network by users of these individually-owned computers is subject to the same policies, procedures, guidelines and constraints as data created, transmitted, accessed, and/or stored through the use of University-owned computers.

 

Activities related to Judson University’s mission take precedence over computing pursuits of a more personal or recreational nature. Any use that disrupts the organization’s mission is prohibited.

Following the same standards of common sense, courtesy, and civility that govern the use of other shared facilities, acceptable use of information technology resources generally respects all individuals’ privacy, but is subject to the right of individuals to be free from intimidation, harassment, and unwarranted annoyance. All users of Judson University’s computing resources must adhere to the requirements enumerated below.

4.1 FRAUDULENT AND ILLEGAL USE
Judson University explicitly prohibits the use of any information system for fraudulent and/or illegal purposes. While using any of the organization’s information systems, a user must not engage in any activity that is illegal under local, state, federal, and/or international law. As a part of this policy, users must not:

Violate the rights of any individual or company involving information protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of pirated or other software products that are not appropriately licensed for use by Judson University.

Use in any way copyrighted material including, but not limited to, photographs, books, or other copyrighted sources, copyrighted music, and any copyrighted software for which the organization does not have a legal license.

Export software, technical information, encryption software, or technology in violation of international or regional export control laws.

Issue statements about warranty, expressed or implied, unless it is a part of normal job duties, or make fraudulent offers of products, items, and/or services.

Any user that suspects or is aware of the occurrence of any activity described in this section, or any other activity they believe may be fraudulent or illegal, must notify the Vice President for University Information Systems and Technology and/or Director of Human Resources immediately.

If any user creates any liability on behalf of Judson University due to inappropriate use of the organization’s resources, the user agrees to indemnify and hold the organization harmless, should it be necessary for Judson University to defend itself against the activities or actions of the user.

4.2 CONFIDENTIAL INFORMATION
Judson University has both an ethical and legal responsibility for protecting confidential information following its Data Classification Policy. To that end, there are some general positions that the organization has taken:

Transmission of confidential information by end-user messaging technologies (for example, e-mail, instant messaging, SMS, chat, etc.) is prohibited.

The writing or storage of confidential information on mobile devices (phones, tablets, USB drives) and removable media is prohibited. Mobile devices that access confidential information will be physically secured when not in use and located to minimize the risk of unauthorized access.

All workforce members and service providers will use approved workstations or devices to access the organization’s data, systems, or networks. Non-organization-owned workstations that store, process, transmit or access confidential information are prohibited. Accessing, storage or processing confidential information on home computers is prohibited.

All company portable workstations will be securely maintained when in the possession of workforce members. Such workstations will be handled as carry-on (hand) baggage on public transport. They will be concealed and/or locked when in a private transport (e.g., locked in the trunk of an automobile) when not in use.

Photographic, video, audio, or other recording equipment will not be utilized in secure areas.

Use of College equipment or systems to record sound, pictures, or video of exchanges or information relating to Judson University business or employment practices—regardless of the location of use or whether the use occurs on or off-work time—is forbidden without appropriate authorization. This includes, but is not limited to, surveillance of University property or recording of meetings or interactions taking place at the University or concerning the University’s business. It is inappropriate to record any conversations or exchanges of communications without providing advance notice and obtaining the consent of all participating persons.

All confidential information stored on workstations and mobile devices must be encrypted.

4.3 HARASSMENT
Judson University is committed to providing a safe and productive environment, free from harassment, for all employees. For this reason, users must not:

Use organization information systems to harass any other person via e-mail, telephone, or any other means, or

Actively procure or transmit material that violates sexual harassment or hostile workplace laws.

If an individual feels he/she is being harassed through the use of the organization’s information systems, the user is encouraged to report the harassment as provided in the University’s Discrimination, Harassment, and Sexual Misconduct Policy.

4.4 MALICIOUS ACTIVITY
Judson University strictly prohibits the use of information systems for malicious activity against other users, the organization’s information systems themselves, or the information assets of other parties.

4.4.1 DENIAL OF SERVICE
Users must not:

  • Perpetrate, cause, or in any way enable disruption of Judson University’s information systems or network communications by denial-of-service methods;
  • Knowingly introduce malicious programs, such as viruses, worms, and Trojan horses, to any information system; or
  • Intentionally develop or use programs to infiltrate a computer, computing system, or network and/or damage or alter the software components of a computer, computing system, or network.

4.4.2 CONFIDENTIALITY
Users must not:

  • Perpetrate, cause, or in any way enable security breaches, including, but not limited to, accessing data of which the user is not an intended recipient or logging into a server or account that the user is not expressly authorized to access;
  • Facilitate use or access by non-authorized users, including sharing their password or other login credentials with anyone, including other users, family members, or friends;
  • Use the same password for Judson University accounts as for other non-Judson University access (for example, personal ISP account, social media, benefits, email, etc.);
  • Attempt to gain access to files and resources to which they have not been granted permission, whether or not such access is technically possible, including attempting to obtain, obtaining, and/or using another user’s password; or
  • Make copies of another user’s files without that user’s knowledge and consent.
  • All encryption keys employed by users must be provided to Information Technology if requested, in order to perform functions required by this policy.

4.4.3 IMPERSONATION
Users must not:

  • Circumvent the user authentication or security of any information system;
  • Add, remove, or modify any identifying network header information (“spoofing”) or attempt to impersonate any person by using forged headers or other identifying information;
  • Create and/or use a proxy server of any kind, other than those provided by Judson University, or otherwise redirect network traffic outside of normal routing with authorization; or
  • Use any type of technology designed to mask, hide, or modify their identity or activities electronically.

4.4.4 NETWORK DISCOVERY
Users must not:

  • Use a port scanning tool targeting either Judson University’s network or any other external network, unless this activity is a part of the user’s normal job functions, such as a member of the Office of Information Technology, conducting a vulnerability scan, and faculty utilizing tools in a controller environment.
  • Use a network monitoring tool or perform any kind of network monitoring that will intercept data not intended for the user, unless this activity is a part of the user’s normal job functions

4.5 OBJECTIONABLE CONTENT
Judson University strictly prohibits the use of organizational information systems for accessing or distributing content that other users may find objectionable. Users must not post, upload, download, or display messages, photos, images, sound files, text files, video files, newsletters, or related materials considered to be:

  • Political
  • Racist
  • Sexually-explicit, and /or
  • Violent or promoting violence

4.6 HARDWARE AND SOFTWARE
Judson University strictly prohibits the use of any hardware or software that is not purchased, installed, configured, tracked, and managed by the organization. Users must not:

Install, attach, or connect, or remove or disconnect, hardware of any kind, including wireless access points, storage devices, and peripherals, to any organizational information system without the knowledge and permission of Information Technology;

Download or install, or disable, remove, or uninstall, software of any kind, including patches of existing software, to any organizational information system without the knowledge and permission of the organization;

Use personal flash drives, or other USB based storage media, without prior approval from their manager; or

Take Judson University equipment off-site without prior authorization.

4.7 MESSAGING
The organization provides a robust communication platform for users to fulfill its mission. Users must not:

Automatically forward e-mail or messages of any kind, by using e-mail client mail handling rules or any other mechanism;

Send unsolicited e-mail messages, including “junk mail” or other advertising material to individuals who did not specifically request such material (spam);

Solicit e-mail for any other e-mail address, other than that of the poster’s account, with the intent to harass or to collect replies; or

Create or forward chain letters or messages, including those that promote “pyramid” schemes of any type.

Use of Judson’s equipment or systems to engage in unprofessional communication that could negatively impact the University’s reputation or interfere with the University’s core mission, or unprofessional/inappropriate communication regarding members of the Judson University community—regardless of the location of use or whether the use occurs on or off-work time—is forbidden.

4.8 OTHER
In addition to the other parts of this policy, users must not:

Stream video, music, or other multimedia content unless this content is required to perform the user’s normal academic business or co-curricular functions;

Use the organization’s information systems for commercial use or personal gain; or

Use the organization’s information systems to play games or provide similar entertainment in their role as employees. Reasonable use by students of the University network to play games or provide similar entertainment is allowed.

Judson University reserves the right to protect, repair, and maintain the organization’s computing equipment and network integrity. In accomplishing this goal, Judson University IT personnel or their agents must do their utmost to maintain user privacy, including the content of personal files and Internet activities. Any information obtained by IT personnel about a user through routine maintenance of the organization’s computing equipment or network should remain confidential unless the information pertains to activities that are not compliant with the acceptable use of Judson University’s computing resources.

Enforcement is the responsibility of the organization’s President or designee. Users who violate this policy may be denied access to the organizational resources and may be subject to penalties and disciplinary action both within and outside of Judson University. The organization may temporarily suspend or block access to an account, before the initiation or completion of disciplinary procedures, when it reasonably appears necessary to do the integrity, security, or functionality of the organization or other computing resources or to protect Judson University from liability.

Users are subject to disciplinary rules described in the Student and Employee Handbook, and any other applicable policies and procedures.

Exceptions to the policy may be granted by the Vice President for University Information Systems, or his or her designee. All exceptions must be reviewed annually.

 

The Gramm – Leach Bliley Act (GLBA)
Family Educational Rights and Privacy Act (FERPA)
NIST 800-53
FIPS-199
PCI DSS 3.1
Code of Ethics of the American Library Association

Password Policy

The purpose of the User-Password Policy is to create a uniform standard for the creation of User IDs and passwords associated with applications, network systems, and other computer system accounts used at Judson University.

A poorly chosen password may result in the compromise of Judson’s entire network. As such, all Judson employees (including contractors and vendors with access to Judson systems) are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.

The Policy works to balance restrictions to prevent unauthorized access against the requirement to provide efficient access following the needs of the faculty, staff, and students.

 

The policy applies to all personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system that belongs to Judson, resides at any Judson location, has access to the Judson network, or stores any Judson information.


Passwords within the Active directory system must meet the following requirements:

Passwords are set to expire upon employee termination or 180 days after a student’s last class.

Any password that is discovered to be compromised either intentionally or accidentally is to be immediately disabled. The appropriate supervisor must authorize reactivation after a new password is assigned.

Passwords must be nine or more characters in length and should be sufficiently complex to receive a “Passed!” score when tested by the Judson password tester located at https://password.judsonu.edu/tester.

Passwords must be changed at least once every calendar year.

Accounts are temporarily locked out for 15 minutes after 5 wrong attempts within 15 minutes.

Any system requesting a password must obscure the password during entry and must not transmit the password in clear text across the network.

Enforcement is the responsibility of the organization’s Vice President for University Information Systems and Technology or designee. Users who violate this policy may be denied access to the organizational resources and may be subject to penalties and disciplinary action both within and outside of Judson University. The organization may temporarily suspend or block access to an account, before the initiation or completion of disciplinary procedures, when it reasonably appears necessary to do so to protect the integrity, security, or functionality of the organization or other computing resources or to protect Judson University from liability.

Users are subject to disciplinary rules described in the Student and Employee Handbook, and any other applicable policies and procedures.

 

Exceptions to the policy may be granted by the Vice President for University Information Systems, or his or her designee. All exceptions must be reviewed annually.

The Gramm – Leach Bliley Act (GLBA)
Family Educational Rights and Privacy Act (FERPA)
NIST 800-53

Electronic Mail Policy

The purpose of this email policy is to ensure the proper use of Judson University’s email system and make users aware of what the University deems as acceptable and unacceptable use of its email system. This policy outlines the minimum requirements for use of email within the University’s Network.

 

 

This policy covers the appropriate use of any email sent from a Judson University email address and applies to all employees, students, and agents operating on behalf of Judson University.

 

University Use of email
Email is an official means of communication within Judson University. Therefore, the University has the right to send communications to faculty, communications to faculty, staff, and students via email, and the right to expect that those communications will be received and read in a timely fashion. If you have an Internet Service Provider, you can access the University’s email system from on-campus and off-campus.

Assignment of email addresses
Information Systems and Technology (IST) will assign all faculty, staff, and students an official University email address. It is to this official address that the University will send email communications. This official address will be the email address listed in directories and business cards.

Redirecting email
The University recommends that faculty, staff, and students use the University’s email system. If faculty, staff, or students wish to have an email redirected from their official address to another email address (e.g., @aol.com, @hotmail.com) they may do so, but at their own risk. The University will not be responsible for the handling of email by outside vendors. Having an email redirected does not absolve a faculty member, staff member, or student from the responsibilities associated with communication sent to his or her official email address.

Email communications expectations
Faculty, staff, and students are expected to check their official email addresses on a frequent and consistent basis to stay current with University communications. The University recommends checking email at least once a day; in recognition that certain communications may be time-critical.

Educational uses of email
Faculty may determine how the email will be used in their classes. It is highly recommended that if faculty have email requirements and expectations they specify these requirements in their course syllabus. Faculty may expect that students’ official email addresses are being accessed and faculty may use email for their courses accordingly.

Appropriate use of the email
In general, email is not appropriate for transmitting sensitive or confidential information unless an appropriate level of security matches its use for such purposes. The email system is not designed to be a record retention system. In addition, it is suggested that important documents be sent with a return receipt.

All use of email, including use for sensitive or confidential information, will be consistent with the Acceptable Use Policy.

All use of email will be consistent with local, state, and federal law, including the Family Educational Rights and Privacy Act of 1974 (FERPA). All use of email, including use for sensitive or confidential information, will be consistent with FERPA. To ensure compliance with FERPA regulations, all correspondence that concerns confidential or sensitive information should utilize official Judson University email addresses.

 

The organization provides a robust communication platform for users to fulfill its mission. Users must not:

Automatically forward e-mail or messages of any kind, by using e-mail client mail handling rules or any other mechanism;

Send unsolicited e-mail messages, including “junk mail” or other advertising material to individuals who did not specifically request such material (spam);

Solicit e-mail for any other e-mail address, other than that of the poster’s account, with the intent to harass or to collect replies; or

Create or forward chain letters or messages, including those that promote “pyramid” schemes of any type.

Use of Judson’s equipment or systems to engage in unprofessional communication that could negatively impact the University’s reputation or interfere with the University’s core mission, or unprofessional/inappropriate communication regarding members of the Judson University community—regardless of the location of use or whether the use occurs on or off-work time—is forbidden.

Enforcement is the responsibility of the organization’s Vice President for University Information Systems and Technology or designee. Users who violate this policy may be denied access to the organizational resources and may be subject to penalties and disciplinary action both within and outside of Judson University. The organization may temporarily suspend or block access to an account, before the initiation or completion of disciplinary procedures, when it reasonably appears necessary to do so to protect the integrity, security, or functionality of the organization or other computing resources or to protect Judson University from liability.

Users are subject to disciplinary rules described in the Student and Employee Handbook, and any other applicable policies and procedures.

 

Exceptions to the policy may be granted by the Vice President for University Information Systems, or his or her designee. All exceptions must be reviewed annually.

The Gramm – Leach Bliley Act (GLBA)
Family Educational Rights and Privacy Act (FERPA)
NIST 800-53