University of Tennessee at Chattanooga Acceptable Use Practices (AUP)
System and Network Administrator Responsibilities
Each system and network administrator is responsible for ensuring appropriate security is enabled and enforced to protect the UTC network to which it is connected and UTC Technology Resources.
System and network administrator privileges on UTC Technology Resources confer substantial authority as well as responsibility for all other connected systems and networks. When an incident is reported or discovered, the system or network administrator should inform the UTC ISO and then take immediate steps to resolve the situation. If an incident is discovered by or reported to the ISO regarding a system or network, the responsible system or network administrator will be contacted to resolve the situation. In either case, after the incident has been resolved, it is the system or network administrator’s responsibility to provide the ISO or designee a written report of the incident and its resolution for the use of the Computer Security Committee.
In an emergency situation, the UTC Information Security Officer (ISO) or designee may direct that systems in which intrusions have been detected or that are not properly maintained for security vulnerabilities be disconnected from all other UTC Technology Resources to isolate the intrusion and to protect other systems connected to the network until assurance can be made that the problem has been adequately resolved and will not reoccur.
System and network administrators are responsible for the implementation of appropriate technical security on their computer systems. They must make every effort to remain familiar with the changing security technology that relates to their system and continually analyze technical vulnerabilities and their resulting security implications. Stored authentication data (e.g., password files, encryption keys, certificates, personal identification numbers, access codes) must be appropriately protected with access controls, encryption, shadowing, etc.
Systems and network administrators or designated security officers may supplement this document with unit-specific and/or more stringent guidelines for their users but cannot lessen these principles. System and network administrators and designated security officers are encouraged to obtain applicable security training.
System and network administrators shall perform their duties fairly, in cooperation with the user community, the University administration, and in accordance with University policies. System and network administrators shall respect the privacy of users unless investigating reports of abuse of privileges and must refer all substantiated violations to the ISO, who will forward the violation to the appropriate authority (e.g., campus police department, appropriate office for student conduct matters, and UTC Human Resources, etc.) for disciplinary action. For all incidents suspected to involve illegal activity, the UTC Police will be notified by the ISO.
