
ISBER Security Policy

Institute for Social, Behavioral and Economic Research
Network Security Policy

Purpose: The purpose of this policy is to establish requirements which all employees of the Institute for Social, Behavioral and Economic Research (ISBER) and other individuals (staff, faculty, students and others affiliated with the University) with access to the ISBER network and ISBER electronic resources must follow in order to prevent unauthorized access to confidential information. The University has a duty to (i) safeguard confidential information which is accessible via the ISBER network, (ii) prevent unauthorized use of network resources and (iii) ensure that the use of computer workstations is in compliance with federal and state regulations and with system-wide and campus policies.

University of California and UCSB Policies: Every user who has an account on an ISBER server or access to the wired and wireless ISBER network is responsible for abiding by the University of California and UCSB Network Policy and Procedures. A copy of these policies can be found at http://www.oit.ucsb.edu/connect/policy.asp.

Computer & Network Passwords: Your user name and password are the keys that provide access to confidential information. Passwords must be kept secret to assure confidentiality.

  1. Passwords must be at least 8 characters in length and must include one capital letter, one non-capital letter and at least one number. The password may include spaces and special characters.
  2. Do not use an easily discoverable password. Using a combination of letters and numbers or caps and no-caps is more difficult to discover.
  3. Do not write down your password. Select a password that you can easily remember, but cannot be easily guessed by a person or hacking program. Using a “pass-phrase” (sequence of words or other text) is recommended for ease of remembering, such as "Mycatme0ws".
  4. Network passwords may expire every six months, at which time you will be prompted to change your password.
  5. Maintain your password as a secret code and do not communicate it to anyone, except as provided by item 6 below. If you reveal your password, and it is used to gain unauthorized access to the network, there will be no way to distinguish between this unauthorized access and your own access. If there is a need to share information maintained by another person, the ISBER help desk will set up directory permissions to allow this without the sharing of login passwords.
  6. Where special circumstances require a shared workstation, the primary person responsible for the workstation is responsible for assigning the password and may only reveal it to individuals who have signed confidentiality agreements, and who are required to work on a shared access workstation to perform their job duties.

Workstation Use:

To safeguard the ISBER data and servers against unauthorized access, please follow the guidelines below:

  1. Do not leave your workstation logged on in your absence unless you have secured it from unauthorized access. This can be done either by pressing CTRL-ALT-DEL and selecting “LOCK WORKSTATION”, or by setting up a password protected screen saver that will come on after a specified interval of inactivity. Please contact the help desk for assistance with using these features.
  2. Use only ISBER provided software on your ISBER PC. All software, including freeware, shareware and executable Internet downloads, must be approved by ISBER if the machine is connecting to the ISBER network. Once it is approved, a request can be made to the help desk for assistance with installing software.
  3. Computer viruses are a threat to ISBER data and computing resources. The network servers will attempt to detect and clean up viruses on files saved to the server disk. An antivirus firewall scans all incoming e-mail for viruses and each workstation has a virus scanning program installed on it. Some newer viruses may get through these protections, so please be careful when opening emailed attachments, and verify that the email is not spam before opening the attachment. Please make every effort to avoid introducing viruses to the ISBER network, e.g. disks used outside the network should be cleansed of viruses before use on the ISBER network. Do not disable your local workstation's virus scanning program.
  4. Viruses or other potentially damaging malware may be received from Internet web sites. It is the user’s responsibility to avoid interacting with potentially risky web sites that may download unsafe software to their ISBER computer. For example, “click here to sign up for a free gift” may actually download an executable program to your computer that will gather and send information on your computer usage to an external entity. It may also be used to exploit your computer to spread malware to other computers on the network.
  5. You must obtain approval from the ISBER help desk before allowing your computer to be connected to any other system through the use of any communications device, such as an alternate internet service provider. This is to make sure that your actions do not pose a potential threat to ISBER information.

Data Security: All data and applications stored on ISBER systems are the property of ISBER and/or the owner's primary department and are thus controlled by the UC policies regarding the transportation of property. It is the responsibility of the department and user to ensure that all data is protected in a manner that meets FERPA (Family Educational Rights and Privacy Act), HIPAA (Health Insurance Portability and Accountability Act) regulations, SB 1386 and any other laws concerning the protection of private information or any other policies governing ISBER data. If your ISBER machine is used on another on-campus network, that department's rules may be stricter than those defined in this policy. Please refer to local department policies for further clarification. Local departmental rules do not override ISBER policy, although they may add to it.

Web Access and E-mail: ISBER web access and e-mail are for University business and are subject to departmental, campus and UC policy. Users may use the Internet and e-mail for incidental personal use provided that this use does not: (i) interfere with the University's operation of electronic communications resources; (ii) interfere with the user’s employment or other obligations to the University; or (iii) burden the University with noticeable incremental costs.

Web Hosting: ISBER web hosting customers must apply all policies defined in this document to their websites or web applications. Drupal and other CMS customers must adhere to their respective products' security best practices. Anonymous account creation and anonymous file uploads are strictly forbidden. An example security best practice for Drupal can be found at http://www.sas.upenn.edu/computing/drupal-secure-settings.

Network Bandwidth: Subscribing to internet-based bandwidth sharing applications is specifically not allowed under University policy.

Sanctions: Violation of this policy may result in loss of access to the ISBER Network and/or disciplinary action pursuant to University policy and the appropriate collective bargaining agreement.

Confidentiality Agreement: I have read the above and I agree to abide by this policy. I acknowledge the importance of student, staff and faculty privacy and agree to handle confidential information in a manner that supports that privacy and is in keeping with this policy, federal and state regulations and with system-wide and campus policies.


