The security plan template from Augustana College outlines guidelines for protecting the computing environment. It provides restrictions on illegal or harmful use of networks and software. Specific prohibitions include harassment, commercial use, unauthorized access, and distributing copyrighted content. The plan also details policies on passwords, data classification, disaster recovery, and responding to security incidents. The goal is to create a high quality, ethical computing environment for the Augustana community.

1. Jerrell Collymore
12/08/2015
Security Plan Template
The ITS Department of Augustana College wishes to provide a high-quality computing
environment for the Augustana community. For this to take place, certain ethical standards
need to be observed by all members of the Augustana community. The guidelines listed below
apply to all network users.
1. Protection and Security
Summary: The goal of the protective portion of the security plan is the protection of
information and assets belonging to Augustana College by creating guidelines for all users on
the Augustana Network.
Restrictions
Augustana College students, faculty and staff will not use the college computing facilities for:
 any activity which is illegal under Federal or State law
 sending harassing email
 using the college property for commercial purposes
 any activity that violates the integrity of or interferes with the normal operation of the
college computing system
 unauthorized use of another person's user identification and password
 unauthorized transfer of a file or files
 unauthorized entry into a file to use, read or change its contents
 monitoring or viewing network traffic
Software and Copyrighted Material
Users are permitted to use college acquired software for any activity that is within the mission
of or support of the College. Augustana College has negotiated agreements that make certain
software generally available. Software that is available through institutional Site licenses are
subject to copyright and license restrictions, and users are not allowed to make or distribute
copies without authorization. Contact the Helpdesk (x7293) for further information. Software
installed by the user may be subject to software audit processes and users should be prepared
to present proof of ownership or right to use documentation. In addition, due to the vast
amount of software products available, ITS will do their best to support individually installed
software; however support issues are the responsibility of the users. This includes upgrade

2. releases of supported products. Online distribution of copyrighted material without the written
permission of the copyright holder is not allowed.
Computer Use Policy:
Prohibited actions under this policy, include, but are not limited to, the following:
1. Providing computer access to unauthorized persons (e.g., by loaning your account to
someone else or disclosing someone's password to a third party);
2. Disrupting access to a computer system, network, or files (e.g., by crashing a public
system; releasing viruses; attempting to learn or alter someone's password; tying up
computer resources, printers or operating systems; or using computer systems for
illegal activities);
3. Accessing or changing someone's files without permission;
4. Downloading or uploading unauthorized copyrighted materials;
5. Using email or messaging services to harass or intimidate another person (e.g., by
broadcasting unsolicited messages, repeatedly sending unwanted mail, or using another
individuals' name or user name);
6. Intentionally wasting resources.
Password Policy:
Data Classification:
Summary: Augustana College maintains data essential to the performance of college business.
All members of the college community have a responsibility to protect data from unauthorized
generation, access, modification, disclosure, transmission, or destruction.
Data & Backup
2. Risk assessment, Recovery, and procedure
Disaster Recovery:
Summary: Each academic unit and administrative division must develop plans that will allow it
to perform its core required operations in an alternative fashion as well as an appropriate
disaster recovery policy for their working environment.

3. 1. Identification and classification of primary risks and exposures including external and
environmental risks as well as inherent business risks;
2. Probability (likelihood) of occurrence;
3. Impact of occurrence including cost and reputation;
4. Strength of existing controls;
5. Acceptance of identified risks vs. cost of various mitigation plans.
Security Incidents:
3. Training & Awareness: