IT Security Policy 203 - Restricted Access and Malicious Behavior

Statement of Purpose

Clackamas Community College (CCC) provides a variety of technology products and services to support its academic and administrative needs. Individuals utilizing the College’s Information Technology Services (ITS) resources are expected to adhere to defined behaviors that minimize information security risks and protect the College and its constituents.

The primary objective of this policy is to protect students, faculty, and staff from identity theft or unauthorized disclosure of personal information by adopting best practices in information security. CCC’s ITS department is responsible for ensuring the integrity, availability, and performance of technology services required to support academic and administrative operations. Any interference with ITS resources may degrade students’ learning experiences, disrupt essential services, and compromise sensitive systems and data.

This policy strictly prohibits unauthorized access to or interference with ITS resources for purposes beyond their designated functions. Attempts to gain unauthorized access typically involve intentional use of specialized technologies or behaviors outside of normal service usage. This policy does not restrict the appropriate and authorized use of CCC’s technology services for their intended purposes.

Scope Statement

This policy applies to all CCC employees, students, affiliates, and any third parties who create, use, maintain, or handle CCC ITS resources. It encompasses all CCC-owned and managed ITS resources, all computers and mobile devices connected to CCC networks, and all sensitive data stored or transmitted using CCC ITS resources.

Policy Summary

Users of CCC ITS resources shall only utilize these resources for their designated purposes. Unauthorized access to restricted network areas, monitoring or interfering with network traffic, or engaging in any behavior that could negatively impact CCC networks and systems' availability or performance is strictly prohibited.

Policy

  • Users shall only access ITS resources for conducting authorized academic or administrative activities.

  • Users shall not engage in malicious behavior, including but not limited to:

    • Installing hardware devices or developing, downloading, or using software to gain unauthorized access to ITS resources, disrupt network users, or damage software/hardware components.

    • Introducing malicious software into the network or causing security breaches or disruptions of network communication.

    • Circumventing user authentication or the security of any host, network, or account.

    • Interfering with or denying service to any user.

Prohibited Activities (see: Exemptions)

Users shall not:

  • Perform port scanning or security scanning.

  • Conduct any form of network scanning.

  • Operate web servers or host websites for personal or non-CCC business purposes.

  • Participate in peer-to-peer file sharing (e.g., Torrent).

  • Engage in any Dark Web activities, including but not limited to, hosting (e.g., Onion Routers) and browsing (e.g., TOR browser).

  • Leverage ITS resources for cryptocurrency mining (e.g., Bitcoin mining).

  • Engage in illegal activities.

Exemptions

Authorized CCC ITS staff or supervised affiliates may install specialized software and hardware and perform network support and monitoring activities as required in the normal course of work.

Exceptions

Exceptions to this policy require prior written approval from the Chief Information Officer (CIO).

Print Article