The American University in Cairo
School Of Business,Economics And Communication
 

Purpose

University Network Services and Security office must take immediate action to mitigate any threats that have the potential to pose a serious risk to campus information system resources or the Internet. If the threat is deemed serious enough, the computer(s) user posing the threat will be restricted or blocked from network access. These guidelines specify how the decision to block is made and the procedures involved.

Guidelines

University Network and Systems Security Office personnel have the authority to evaluate any threat to campus information system resources or the Internet and to take action to mitigate that threat. Action that is taken will be responsible and prudent based on the risk associated with that threat and the potential negative impact to the campus mission caused by making the offending computer(s) inaccessible. Examples of threats that are serious enough to invoke these procedures are:

  • The level of network activity is sufficiently large as to cause serious degradation in the performance of the network.

  • System administrative privilege has been acquired by someone who is not supposed to have it.

  • An attack on another computer or network has been launched.

  • Confidential, private or proprietary electronic information or communications are being collected.

  • Continued complaints have been received regarding inappropriate activity and no response has been received from the departmental contact regarding the incident.

Procedures

If the threat is immediate, the offending computer(s) user(s) will be blocked immediately and notification will be sent to the departmental security contact(s) via email notifying that the block has occurred. If the threat is not immediate, notification of the threat will be sent to the departmental security contact(s) via email. If a response is not received within 4 hours indicating that the department is taking action to mitigate the threat, the offending computer(s) will then be blocked. In either case, network and systems security personnel will work with the departmental security contact(s) and/or the system administrator(s) to ensure that the computer(s) are properly re-secured. If a block has been put in place it will be removed only when both the department and central campus security personnel agree that the problem causing the incident has been sufficiently addressed.

Recourse

If a department feels that a computer user has been inappropriately blocked it may request a review of the decision by the Network & Systems Security Officer. If, after the review, there is still a disagreement with the decision, it may be further reviewed by the Associate Vice President of Computing.

Back to other Policies