Versions Compared

Old Version 3

changes.mady.by.user Kalevi Lehto

Saved on

compared with

New Version 4

changes.mady.by.user Unknown User (kimmosv)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Contents

Table of Contents
indent20px
styledisc

...

All IT offences and actions taken because of them must be reported to the Head of IT Services.

1. Restricting user permissions pending investigation

User permissions can be restricted either by disabling all or some of a person's user accounts or by other means preventing the use of an information system (e.g. by removing the modify permission) . During for the duration of the investigation,

  • a student's user accounts are as a rule disabled and she or he will be called to a discussion with the Chief Information Security Officer or the person in charge of the system
  • the user permissions of a staff member will be restricted as needed. In a network violation incident, user permission restriction may also involve disconnecting the user's workstation from the network.

...

The decision to restrict user permissions is made by the owner of the information system in question, the head of the unit, or someone else appointed to the task. The restrictions are carried out by the administrator. In an urgent situation, the administrator may independently restrict user permissions for three days at maximum, and will immediately report it to the person in charge of restrictions.

2. Consequences

In minor offences the user admonished for improper action.

The person committing an IT offence is liable for the costs incurred from the use of resources (e.g. computer time) as well as for the costs incurred from the investigation.

2.1 Students

A student may be subject to the following consequences: restriction of user permissions (disabling of user accounts) (General Policy of the Use of Information Systems), the university's internal administrative actions (a written warning, a temporary dismissal) (Polytechnics Act , secion 2814.11.2014/932), and reporting a crime (actions punishable by law).

...

The decision to give a written warning is made by the university's President. The decision of a temporary dismissal is made by the Board of Management.

2.2 Staff

A staff member may be subject to the following consequences: the university's judiciary action as defined in labor law (a written warning, dismissal, termination of the contract of employment) (Employment Contracts Act, Chapter 7, Section 2, Chapter 8, Section 1) and reporting a crime (actions punishable by law). A warning is given by the head of the unit or the director of administration. Access to specific information systems can be disabled temporarily or permanently on the grounds of a lack of trust resulting from misuse. When determining the consequences, the intent and the seriousness of the offence are considered.

3. Examples of offences

Distributing material subject to criminal law

  • material subject to criminal law includes child pornography, bestiality, aggressive violence, cruel violence, racist material and incitation to crime.

Unlawful distribution of material subject to copyright law

  • Copyrighted material includes music, videos, cartoons, games and software.

Giving one's login credentials to someone else

  • Giving login credentials includes giving one's password to another user or leaving a session open so that someone else can use the credentials unsupervised.

Risking data integrity

  • handing over information classified as non-public to a person who is not authorized to having it, e.g. handing over server user data
  • negligence of information security in the case of information classified as non-public - e.g. insufficient protection of an information system
  • breach of confidentiality
  • breaking the personal data act

Negligence of personal information security

  • e.g. leaving one's password in the open

...