George Mason University Security Review Panel
 

MISSION

The Security Review Panel (SRP) has three main roles:

  • Interpreting the Responsible Use of Computing Policy,
  • Receiving complaints about abuse and directing them to the proper campus authority for investigation and resolution, and
  • Proposing and reviewing amendments to the RUC policy.

The SRP's scope is narrow, confined to matters of security, integrity, and functioning of the GMU information structure and its use for its intended purposes. Matters covered by other policies or laws (e.g., copyright, sexual harassment, honor code violations, intentional damage of computers or files) will be referred to the appropriate campus authorities.

All GMU faculty, staff, and students are subject to the RUC policy. Faculty and staff are subject to additional restrictions on employees of the Commonwealth of Virginia. All members of the community agree to the terms of the RUC policy at the time they first sign on to their GMU account.

The SRP consists of three faculty members, two members of the GMU Technology Council, one graduate student, one undergraduate student, one Information Technology Unit (ITU) staff member, and one non-ITU system administrator (SA). The SRP members are appointed by the Vice President for Information Technology (VPIT). The SRP chair will be one of the faculty members and will be appointed by the VPIT.

The University maintains a mailbox, stopit@gmu.edu (also abuse@gmu.edu), for anyone to report a suspected abuse of the RUC policy. When a complaint is received, the system replies to the sender with this automatic response:

Thank you for making your concerns known to STOPIT. This is an automated reply to let you know that your message has been received. A copy has been sent to the STOPIT group, which includes the Security Review Panel and university officials responsible for the various university policies about which violations are reported to STOPIT. You will hear from a STOPIT group member concerning your note. If you have notified STOPIT of spam or virus conditions, system engineering will see if it can be blocked but they will not normally reply to you. If you need technical (not STOPIT) help, such as cleaning viruses or changing passwords, contact the Support Center at 703-993-8870.

The SRP is authorized to create subgroups as needed. One such group explicitly mentioned in the RUC policy is a campus computer emergency response team (CCERT). However, no CCERT has been created because system administrators have been able to handle all emergencies within their existing organizational structures.

The RUC policy carefully defines the responsibilities of system administrators during the investigation of abuses and complaints. They are permitted to take emergency action to protect the health and integrity of their systems. They assist the official investigator of abuse complaints in gathering evidence. At all times they are required to treat all users and user information with respect for privacy.

The panel periodically reviews the RUC policy and recommends improvements and clarifications as needed. All modifications to the RUC policy will be made with full public disclosure and reasonable periods for public comment.

The STOPIT process is central to the SRP's operations. All the campus authorities who investigate complaints that may be received via STOPIT use the STOPIT process whenever possible (unless someone is in danger or the threat is high). The person engaged in the alleged misuse is given the chance to stop or to explain before any stronger action is taken. Many students inadvertently do things they should not, and will not repeat them if somebody informs them.

Last Update: January 27, 2006

George Mason University Information Technology Unit