1.0 Approval and adoption and revision
Approved by the Information Technology Manager on March 28, 2023.
2.0 Purpose
To provide the authority for authorized members of the Office of Information Technology and the University’s Security Office to conduct a security audit on any system within Intercollegiate Athletics in accordance with University Policy AD95.
Audits may be conducted to:
- Ensure integrity, confidentiality and availability of information and resources
- Investigate possible security incidents and ensure conformance to the Intercollegiate Athletics security policies
- Monitor user or system activity where appropriate (e.g. system compromise is suspected, policy violations are suspected, complaints have been received, etc.).
- Ensure validity of user accounts
3.0 Scope
This policy applies to all computer and communications devices owned or operated by Intercollegiate Athletics. This policy also applies to any computer or communications devices that are present in an Athletics facility or Athletics operated network that are not owned or operated by Intercollegiate Athletics.
4.0 Policy
When requested, and for the purpose of performing an audit, any access needed will be provided to members of the Athletics or University security teams. Users and/or support personnel must ensure that any hardware or software installed for the purposes of filtering traffic such as a firewall appliance or personal firewall software allow unrestricted traffic to and from all systems authorized to conduct security audits at the departmental or University Security Office levels.
This access may include:
- User level and/or system level access to any computer or communications device
- Access to information (electronic, hardcopy, etc.) that may be produced, transmitted, or stored on Intercollegiate Athletics equipment or premises
- Access to work areas (offices, cubicles, storage areas, etc.)
- Access to interactively monitor and log traffic on the Intercollegiate Athletics network
At no time shall anyone other than those authorized within Athletics or the University be permitted to scan computers or devices connected to an Athletics operated network or capture (e.g. sniff) any traffic on an Athletics operated network.
5.0 Enforcement
Anyone found violating this policy will be subject to disciplinary action by his or her Administrative unit, Intercollegiate Athletics, or the University.
Athletics or University Security Office personnel will immediately terminate network access to any system found to be scanning systems or capturing traffic in violation of this policy. Individuals found to be in violation of local, Commonwealth or Federal regulations or laws will be referred to the University Security Office for case disposition.
