Policy on disconnecting a computer or device from the network
Campus IT staff must take immediate action to mitigate any threats that have the potential to pose a risk to campus information system resources. For that purpose, the campus reserves the right to monitor network traffic to ensure appropriate use and network security.
The computer(s) posing the threat may be disconnected from the network.
Campus IT staff has the authority to evaluate the seriousness of any threat to campus information system resources and to take action to mitigate that threat. Action taken has to properly balance the risk level associated with that threat and the negative impact of disconnecting the computer(s) from the network. The threat is sufficient to invoke the appropriate procedures if one or more of the following occurred:
- The performance of the network has degraded;
- System administrative privilege has been compromised;
- Denial of Service or a similar attack has been launched;
- Confidential information is being collected.
If the threat is immediate, the offending computer(s) will be blocked immediately and notification will be sent to the departmental security contact. If the threat is not immediate, only notification of the threat will be sent. If a satisfactory response is not received within 4 hours, the offending computer(s) will then be blocked. If a block has been put in place it will be removed when both the department and IT staff agree that the problem has been eliminated.
If a department feels that a computer has been inappropriately blocked it may request a review of the decision by the Chief Information Officer. If, after the review, there is still a disagreement with the decision, it may be further reviewed by the Provost.