Security Review has three main roles:
Use of Computing Policy,
complaints about abuse and directing them to the proper campus
authority for investigation and resolution, and
and reviewing amends to the RUC policy.
The SRP's scope is actually narrow, confined to matters of
security, integrity, and functioning of the GMU information structure
and its use for its intended purposes. Matters covered by other
policies or laws -- e.g., copyright, sexual harassment, honor code
violations -- intentional damage of computers or files -- will be
referred to the appropriate campus authorities.
GMU faculty, staff, and students are subject to the RUC policy. Faculty
and staff are subject to additional restrictions on employees of the
Commonwealth of Virginia. All members of the community agree to the
terms of the RUC policy at the time they first sign on their GMU
SRP consists of three faculty members, two members of the GMU
Technology Council, one graduate student, one undergraduate student,
one Information Technology Unit (ITU) staff member, and one non-ITU
system administrator (SA). The SRP members are appointed by the Vice
President for Information Technology (VPIT). The SRP chair will be one
of the faculty members and will be appointed by the VPIT.
University maintains a mailbox, email@example.com (also firstname.lastname@example.org)
for anyone to report a suspected abuse of the RUC policy. When a
complaint is received, the system replies to the sender with this
Thank you for making your concerns known to STOPIT. This is
an automated reply to let you know that your message has been received.
A copy has been sent to the STOPIT group, which includes the Security
Review Panel and university officials responsible for the various
university policies about which violations are reported to STOPIT. You
will hear from a STOPIT group member concerning your note. If you have
notified STOPIT of spam or virus conditions, system engineering will
see if it can be blocked but they will not normally reply to you. If
you need technical (not STOPIT) help, such as cleaning viruses or
changing passwords, contact the Support Center at 703-993-8870.
SRP is authorized to create subgroups as needed. One such group
explicitly mentioned in the RUC policy is a campus computer emergency
response team (CCERT). However, no CCERT has been created because
system administrators have been able to handle all emergencies within
their existing organizational structures.
RUC policy carefully defines the responsibilities of system
administrators during the investigation of abuses and complaints. They
are permitted to take emergency action to protect the health and
integrity of their systems. They assist the official investigator of
abuse complaints in gathering evidence. At all times they are required
to treat all user and user information with respect for privacy.
panel periodically reviews the RUC policy and recommends improvements
and clarifications as needed. All modifications to the RUC policy will
be made with full public disclosure and reasonable periods for public
The STOPIT process is central to the SRP's
operations. All the campus authorities who investigate complaints that
may be received via STOPIT use the STOPIT process whenever possible
(unless someone is in danger or the threat is high). The person engaged
in the alleged misuse is given the chance to stop or to explain before
any stronger action is taken. Many students inadvertently do things
they should not, and will not repeat if somebody informs them.
-back to top-