3710 Network Security
The purpose of this policy is to secure communication devices and data on the Campbell County School District network and to assure that critical information is backed up, protected, and data flow is not interrupted by unauthorized access.
Network Security, Data Backup and Storage, Access Control, Encryption, and Password Management
1. All information traveling over District computer networks that has not been specifically identified as the property of other parties will be treated as a District asset. It is the policy of the District to prohibit unauthorized access, disclosure, duplication, modification, diversion, destruction, loss, misuse, or theft of this information.
2. In addition, it is the policy of the District to protect information belonging to third parties that has been entrusted to the District in confidence.
3. The District requires data sensitive systems to have an exact, retrievable copy. The backed up data must be stored in a secure offsite location and ensure that the appropriate access controls are implemented to only allow authorized access to all such data.
4. The computer and communications system privileges of all users, systems, and independently operating programs (such as "agents") must be restricted based on a need-to-know basis.
5. The District will maintain sensitive information to allow access only to those persons or software programs that have been granted access rights as specified by regulation or business process. This will apply to all systems, network, and applications, as well as all facilities which process, store, or transmit sensitive information.
6. Campbell County School District will protect “data in motion” by implementing a combination of solutions that may include Virtual Private Networks (VPNs), Secure Sockets Layer (SSL) and other technologies. Campbell County School District will identify systems that require sensitive information to be encrypted for the purpose of transmission.
7. All staff must employ password-based access controls when accessing systems that store or transmit sensitive information.
Failure to comply with this or any other security policy will result in disciplinary actions. Legal actions also may be taken for violations of applicable regulations and standards such as state and federal rules to include the Family Educational Rights and Privacy Act (FERPA).
ADOPTION DATE: September 27, 2016
ADMINISTRATIVE REGULATION: 3710-R