IAP Behavior
Home Up Reports

Informatics Research Institute

Up

Acceptable Behavior

The following is the the basis for establishing an acceptable behavior policy for the Information Assurance Program and NIATEC. This is a living document

First Draft

This document is drawn from the policy statement by Dr Julie and Dan Ryan of George Washington University. There are no sustentative differences between this document ant the original at GWU. Subsequent drafts will be posted.
 

Code of Conduct

Certificate students are trusted with access to the practices, procedures and technologies used to attack and protect valuable information assets and systems. This trust requires an uncompromising commitment to satisfying the highest moral and ethical standards. Adherence to all laws, rules and regulations applicable to the field and practice of information security is critical. Maintaining Idaho State University's and NIATEC's unique position in the field of information assurance education, however, requires more than simple obedience to the law. Our faculty, and those who employ our graduates, expects that professionals trained by ISU will demonstrate sound ethics, honesty and fairness in providing security products and services.            

 

This code of conduct sets forth basic standards to guide the behavior of Certificate students. It attempts to provide comprehensive guidance with regard to dealings under the law with the University, on behalf of the University, with fellow students and on the student’s own behalf. ISU expects each student to assume a sense of personal responsibility for assuring the compliance of his or her own behavior and those of their fellow students. The Code of Conduct represents a “zero tolerance” policy. In recognition of the sensitive nature of the subject matter with which students are entrusted, it goes beyond the usual standards of academic integrity to which all students are subject.

ISU understands that this code must be flexible enough to deal with hundreds of different daily activities in addition to future academic and business issues. Toward that end, ISU expects each student to use sound judgment in the performance of his/her studies. Sound judgment means, among other things, that the student should consider whether his/her conduct would be viewed with approval by family, friends, colleagues and the community at large were the activity to be disclosed.

 

Students should read this code carefully, and then execute the attached form to certify that they have done so and to acknowledge a commitment to follow its terms. Violations of the code may subject the student to disciplinary action, from reprimand to termination of participation in the Certificate Program.
 

Policy

ISUs policy is to provide outstanding education in information security and to teach students how to provide excellent service to their employers and clients in an honorable manner. Following the guidelines set forth in this code of conduct and the application of sound judgment will ensure the success of our mission and the continuing prosperity of the University and its programs. New students will read this Code of Conduct and sign the attached Student Certification and Agreement. The Student Certification and Agreement will be retained by ISU for a period of not less than five (5) years following the student’s graduation or otherwise leaving the Program.

 

Ethical behavior, compliance with laws and regulations, and due diligence 

ISU students are responsible for behaving according to the highest standards of ethical conduct, for conducting themselves in conformance with all laws of the United States and other jurisdictions in which they may find themselves, and for exercising due diligence in the conduct of the studies and projects that comprise their education. The highest ethical standards are essential to the success of ISU's Certificate in Information Assurance Program. In addition, having high ethics values in the Program creates an environment of trust, consideration for colleagues, and a sense of responsible behavior that enhances ISU's academic environment and the value of the Program.

 

Students should be aware that they may be held personally liable for any improper or illegal acts committed during the course of their education, and that "ignorance of the law" is not a defense. Students may be subject to civil penalties, such as fines, or regulatory sanctions, including suspension or expulsion. Potential penalties for illegal acts under federal sentencing guidelines are severe and may include imprisonment and substantial monetary fines. Existing federal and state laws, as well as the laws of foreign jurisdictions, may impose civil money penalties, permit the issuance of cease and desist orders, or have other consequences.

 

Students who are uncertain about the laws of a particular jurisdiction or whether certain acts or practices comply with the law should contact their professor or Professor Corey Schou. Students who become aware of any violations of the law or questionable practices by a fellow student should also contact their professor or Professor Schou immediately. Disclosure of questionable or improper conduct to faculty members who can take appropriate action is critical to ISU's success. All such communications will be investigated fully. Moreover, retribution against students who report ethics complaints or student misconduct will not be tolerated and is itself a violation of ISU's ethical standards.

 

General responsibilities for all Certificate students

All Certificate students are expected to conduct their activities in a manner that satisfies the highest of ethical standards. Each student must:

  1.  Conduct activities in accordance with high ethical and moral standards

  2.  Conduct all activities in accordance with the academic integrity standards posted on the ISU web site

  3.  Be aware of, and abide by, the laws of the United States, the individual States, foreign countries and other jurisdictions in which ISU provides products or services

  4.  Adhere to the spirit of the law as well as its substance

  5.  Always act with personal integrity based on principles of sound judgment

  6.  Neither condone nor ignore any illegal or unethical acts for any reason
     

Faculty Responsibilities

 Each faculty member is responsible for assuring that every student under his/her direction is familiar with this code of conduct and understands its importance to ISU's success.

 

ISU's responsibilities

ISU is responsible for insuring that all Certificate students are aware of and understand this code of conduct. ISU is responsible for creating an educational environment in which this Code of Conduct may be successfully implemented. ISU will ensure that all students receive, as part of the Certificate Program, education, training and awareness regarding ethical issues, policies, practices and procedures, and will insure the availability of support and guidance to any student who seeks them.

 

Confidentiality of information

Successful relationships with our students and the firms that sponsor them are founded on trust in ISU's ability to maintain the confidentiality of information entrusted to the University through our students. Certificate students are frequently required to deal with sensitive information. Every student must exercise care in handling confidential information concerning the University and its programs, sponsoring firms, or other organizations with which he or she comes into contact in the course of academic activities. Handling sensitive information in a highly professional manner promotes our reputation for integrity, thereby enhancing relationships with the University, sponsors and other organizations. Every student is expected to be familiar with and to comply with the policies, practices, procedures and standards of care contained in this Code of Conduct as well as the Academic Integrity policies of the University.

 

As a general rule, students should exercise the utmost care with confidential information in order to avoid violations of legal or ethical constraints. When in doubt, students should assume that information is confidential and therefore subject to this high standard of care.

 

Students must particularly exercise caution when discussing sensitive information outside the classroom. For example, special care should be taken in elevators, when speaking on cellular telephones, with facsimile transmissions, while at social gatherings and in other public places to insure that casual conversation or inadvertent displays of written material do not lead to the disclosure of such information. Within ISU, students should be cautious in conversations to avoid any dissemination of nonpublic information to people who do not have a "need to know."

 

Trading on insider information

Certificate students assigned to deal directly with outside firms in the course of projects will frequently be exposed to proprietary or confidential information that could be used in developing or applying investment strategies. Students are cautioned not to engage in securities trading that might result in the appearance of impropriety. Students are strictly prohibited from trading stocks, bonds or other securities on the basis of material nonpublic information to which they are exposed in the course of their projects. Likewise, Certificate students, or members of the student's immediate family, may not directly or indirectly speculate in materials, equipment, supplies, or property to be purchased by ISU based upon information gained in the performance of the student's studies and not available to the general public.

 

Copyrighted or licensed materials

It is both illegal and unethical to engage in practices that violate copyright laws or licensing arrangements. All Certificate students must respect the rights conferred by such laws and arrangements and refrain from making unauthorized copies of protected materials, including articles, documents and computer software.

 

Proprietary information

Certificate students who have access to proprietary information owned by the University or organization with which the student comes into contact in the course of studies or projects shall refrain from disclosing any such information, directly or indirectly, or using it for any purpose except as required in the course of their studies. Students will not be assigned to engagements or other tasks where they might be required to use or disclose trade secrets belonging to their employers. Students should not bring to class or group activities any information from their place of employment that might be considered proprietary or any items that may have been purchased or produced in the performance of the student’s employment. For students graduating or otherwise leaving the Program, the obligation to preserve the confidentiality of ISU's and its faculty’s proprietary information acquired in the course of their studies does not end upon termination of their studies at ISU. The obligation continues indefinitely until ISU or the faculty member authorizes disclosure, or until the proprietary information legally enters a public domain.

 

Drug and substance abuse

Certificate students must refrain from the use of illicit drugs or the abuse of intoxicating substances. Such practices are contrary to good physical and mental health, inhibit successful performance, and endanger the protection of proprietary information. Students found to have used or abused illicit drugs or intoxicating substances will be subject to disciplinary action up to and including expulsion from the Program.

 

Sexual harassment

Sexual harassment of students by the University, its students, or faculty is unacceptable and will not be tolerated. Violation of this policy may result in disciplinary actions up to and including expulsion from the Program. Any incidence of sexual harassment or discrimination in any form should be reported to the appropriate faculty member or Professor Corey Schou.

 

Relationships with the Media

No Certificate student is authorized to make any statement or to give any information about ISU or its programs to the media without prior permission of Professor Corey Schou. This policy is not intended to restrict communications or free speech but to ensure adequate and appropriate coordination of releases of information about the Program by a student who, by virtue of his or her position, may be deemed to be speaking on behalf of the Program.

 

Transfer of technology to foreign nationals

Disclosure of regulated technology, as defined in the International Traffic in Arms Regulation (ITAR), to foreign nationals may be considered an export disclosure under the ITAR and subject to U. S. Government licensing. It is the responsibility of ISU students and faculty working with foreign nationals to follow procedures necessary to ensure that there is no transfer of technical information, data, or technology beyond that which is authorized by the ITAR or for which a license has been duly issued by the appropriate department of the U. S. Government.

 

Use of computer systems and networks

ISU supplies its students with access to University-owned computer systems and networks for their use in accomplishing the studies and projects to which they have been assigned by the Program. The ISU computers, software, telecommunications networks, and electronic mail systems are to be used only for official ISU studies. Non-ISU-owned electronics, software, equipment or computers are not to be introduced into, placed upon or connected to ISU computers, systems or networks without the prior written permission of the University. Electronic mail accounts provided to students by ISU are intended for exchanges related to their academic endeavors, not for personal communication or other inappropriate activities. Access to the Internet and the World Wide Web provided to students by ISU is intended for academic research only, not for personal access, downloading, uploading, or other inappropriate activities. ISU reserves the right to audit and monitor the use of computers, systems, networks, electronic mail accounts, and access to the Internet or the World Wide Web without notice to ensure proper usage.
 

Accessing computers or networks

Certificate students must have proper authorization and follow specified procedures in accessing computers and computing networks whether the computers or networks are owned by ISU or by a third party. Students who exceed their authorized access will be subject to disciplinary action up to and including expulsion from the Program.
 

Summary

It is imperative that ISU and its students conduct the University’s academic activities in accordance with the highest possible ethical and legal standards. Every student is responsible for ensuring that his or her personal conduct is above reproach. Violations of the standards described in this Code of Conduct should be made known immediately to the appropriate faculty member(s) or to Professor Corey Schou. ISU takes its ethical obligations very seriously. Violations will not be tolerated and will result in disciplinary action appropriate to the violation.

All material on this site is copyright unless otherwise noted.
Please respect the authors rights by requesting permission for use and ensuring proper attribution and credit.