Security Policy Goals [Link]
Statement of purpose
In order to teach computer science-related classes at CCC, faculty may need a special environment to be provisioned. Such environments are directly managed by faculty and are not subject to the security controls imposed by the Information Security and Acceptable Use Policies. In these situations, faculty and CCC ITS staff work to create an environment that meets faculty needs, without exposing the larger CCC technology environment to risk.
A Sandbox Environment is a specialized, self-contained environment used by faculty and others that is isolated from the CCC network, services, and other resources.
Scope statement
This policy has a tightly controlled scope. It only applies to special teaching environments created in partnership between faculty and ITS staff, designated as Sandbox Environments.
Policy summary
Clackamas Community College (CCC) instructors, for the purposes of teaching network, information security, software development, and other Information Technology Services curriculum, may utilize a teaching environment known as a Sandbox Environment.
This policy shall be subject to and superseded by applicable regulations and laws.
Policy
- The Chief Information Security Officer (CISO) shall approve the establishment of a Sandbox Environment.
- The ITS Security Team shall review and certify the Sandbox Environment to ensure that the sandbox environment is properly isolated from production systems and appropriate security controls are implemented to prevent student activities from impacting legitimate college activities.
- The Information Security Team shall audit the integrity of any Sandbox Environment at periodic intervals and after any significant changes have been made.
- Sandbox environments shall be restricted to use by computer science students and faculty.
- Sandbox environments shall be used only for activities relevant to a course of study.
- The sandbox environment shall not be used to conduct illegal or illicit activities, nor to track, monitor, surveil, threaten, or harass others.
- An Acceptable Use Policy shall be enforced for each sandbox environment and users shall be required to agree to the AUP terms in order to use the sandbox environment.
- A physical security steward shall be appointed to each sandbox environment.
- Computer Science faculty shall ensure that usage of the sandbox environment complies with applicable policies, laws, and regulations and shall report any non-compliance to the CCC CIO.
Exemptions
Certified Sandbox Environments are exempt from all other Information Security and Acceptable Use policies.
Exceptions
Exceptions to this policy must be pre-approved in writing by the Chief Information Officer (CIO).
Policy violation [Link]
Complaint procedures [Link]
Governing standards, policies, and guidelines [Link]
Definitions [Link]
Responsible executive
Chief Information Officer
Last revision date
09-14-2022 srw (Final Draft)