Northern Maine Community College
Information Technology Office
Support Location and Hours of Operation
The Information Technology Office can be found just off the main lobby in the A.K. Christie Building.
Office support hours are Monday through Friday from 8:00AM to 4:00PM.
Release of Information
Due to the highly confidential information available to those with network access, it is the policy of the NMCC IT Office to verify a person’s identity before releasing secure information. Users will be asked to present a valid photo ID to receive information such as network or email login credentials. Information will not be given over the phone, by email or to parties requesting it on a user’s behalf.
In addition, this information can only be given to the user in one of three ways:
In person at the NMCC Main Campus in the Information Technology office;
By regular mail, to the address maintained on file in the Registration office;
Through an Off-Campus Center director who will be bound by the same conditions above.
General Technology Policy
Use of Northern Maine Community College technology resources are for the sole purpose of delivering the college's mission of research, teaching and learning, and civic engagement as outlined in the MCCS Acceptable Use Policy. Eligible individuals are provided access in order to support their studies, instruction, duties as employees and other official business with the college. Individuals may not share with, or transfer to others, their account information including network IDs, passwords, or other access codes that allow them to gain access to information technology resources.
Technology resources may not be used in a manner that violates the law, for private commercial activities that are not approved by the school, for personal private gain, interference with the fulfillment of an employee’s job responsibilities or activities that are inconsistent with the college's tax-exempt status. Additionally, the acceptable use policy must be adhered to at all times to ensure the network is being used appropriately.
College Owned Computers
The technology staff is responsible for supporting the college-owned computers, telecommunication equipment, controls, networks and network infrastructure. To report a problem, users will be responsible for submitting a work order via the information portal. The technology support staff will respond and take appropriate action once the work order has been submitted.
Non-College Owned Computers
The Information Technology Office may not provide support for personally owned computers and technology.
The technology support staff members are available for consultation and limited diagnostics if connecting to Northern Maine Community College technologies such as the wireless network and projectors. However, for issues other than those deemed minor by the IT staff, the owner will be directed to the original equipment provider or to local technical support vendors.
Students, faculty and staff are provided wireless network access for the purpose of accessing network storage, the Internet and other technology resources provided by the College. The campus community will have access to the wireless network using their network ID and password.
The general public and guests of the College will also be afforded an opportunity to access the wireless network. Temporary network accounts will be provided and distributed at the library circulation desk. Users not enrolled at or employed by NMCC will need a driver’s license or two other forms of unique identification to obtain the temporary network ID. These accounts are disabled after seven days and removed from the system one month after issuance.
Minimum system requirements to access the NMCC wireless network:
* Windows XP Service Pack 2
* Mac OSX
* Wireless 54 G adapter
* The following must be installed, enabled and up to date:
o Professional Antivirus (Norton, McAfee, Trend-Micro)
o Personal Firewall (Windows XP, McAfee, Zone Alarm)
Waiver of Liability
The information technology staff ensures that all controllable situations are handled professionally, however, as a user of Northern Maine Community College’s network there are factors that are beyond the College’s control. These factors may include, but are not limited to: theft of unattended equipment, unsecured data transmission, natural disasters, electrical outages or other unforeseen circumstances that may hinder or affect the network, user’s equipment, and other College technology. As a network user, you agree to hold harmless the College, its staff and/or agents for any damages or adverse affects to your equipment resulting from the use of the network, accepting consultation or problem diagnosis by the College’s technology support staff or agents.
Violation of Usage and Support Policies
The use of NMCC network is a privilege, not a right. All students, faculty, staff and general public users are expected to adhere to the Usage and Support Policy along with the Acceptable Use Policy. Inappropriate use may result in a cancellation of those privileges and/or disciplinary action may be taken.
NMCC Acceptable Use Policy for College Information Resources
Primary Goal of Information Resources:
To support and enhance the educational activities of NMCC by providing access to additional resources, both within and external to NMCC and extending the opportunity for collaborative work.
The college encourages the use of college resources for these primary activities. These resources include, but are not limited to, hardware (including telephones, computers, and traditional media equipment) either owned or leased by the college, software, and consulting time (and expertise) of the computer staff.
The use of technology resources provided by the college for endeavors not directly related to enhancing and facilitating teaching, collaborative work, and applied research should be considered as secondary activities. Should such secondary activities in any way interfere with primary activities, they may be terminated or limited immediately.
Many of the technology resources of the college are shared among the entire college community. Everyone using those resources should be considerate of the needs of others and be certain that nothing is done to impede anyone else's ability to use these resources.
Such impediments may include, but are not limited to:
- activities that obstruct usage or deny access to others
- activities that compromise privacy
- activities that harass
- activities that are libelous
- attempting to "hack" into any computer either at the College or elsewhere
- activities that violate copyright laws
- activities that violate college rules
- destruction or alteration of data or information belonging to others
- activities that violate local, state, or federal laws
- unauthorized use of computer accounts
- impersonating other individuals
- creating, using or distributing, virus programs or programs that attempt to explore or exploit network security and/or other vulnerabilities
- attempts to capture or crack passwords or break encryption protocols
- allowing anyone else to use any of your account(s)
- extensive use of resources for private or personal use
Questions or Problems:
The Information Technology Office, instructors, advisors, and supervisors can help clarify this policy or to help you resolve any other problem you encounter in using NMCC computing services and facilities.
Violation of Policy:
Any user who does not adhere to the Acceptable Use Policy(s) for the network(s) that the user is connected to may have his/her access to the NMCC network terminated. The use of NMCC network is a privilege, not a right, and inappropriate use may result in a cancellation of those privileges and/or disciplinary action taken under the MCCS policies and procedures and/or the NMCC Student Code of Conduct.
The NMCC policies recognize and amplify the MCCS Computer Network Acceptable Use Policy.
MAINE COMMUNITY COLLEGE SYSTEM
SUBJECT: COMPUTER AND NETWORK USE
PURPOSE: To promote the responsible use of college and System computers and networks
As with any college system, the MCCS seeks to enhance opportunities for individual and collaborative learning and research. As a public institution with limited resources and distinct policy and legal obligations, the MCCS also needs to ensure that such uses are consistent with those resources and obligations. The goal of this policy is to balance these interests and promote responsible and secure use for all.
This policy applies to:
1. Each college and other entity of the MCCS;
2. All computing resources owned or operated by the MCCS including, but not limited to, all hardware, software, peripherals, networks, network components, accounts, physical and logical data, e-mail and all other data or information transmitted by such equipment (“computers”);
3. All employees, students and other persons who use such computers (“users”); and
4. In addition to any other computer use policy adopted by entities within the MCCS, and by entities outside the MCCS that operate resources accessed through or from the MCCS.
B. General Rules
1. Educational Priority
The priority use of MCCS computers is to provide direct support for learning, teaching and administration of MCCS programs. Such priority will govern access to MCCS computers.
2. Use is a Privilege, Not a Right
Use of MCCS computers and accounts thereon is a privilege, not a right. This privilege is limited by the provisions of this policy, any other pertinent policy or law, and may be withdrawn for violation thereof.
3. Limited Right of Privacy
Users may not have an expectation of privacy in their use of MCCS computers or networks. For example, the MCCS reserves the following rights:
a. Periodic Network Monitoring
The MCCS reserves the right to monitor periodically, randomly and without notice use rates, patterns, speed and system capacity to ensure the efficiency or integrity of the MCCS network and its computers. Such monitoring may proceed only by a person expressly authorized by the MCCS or college president;
b. Inspection of a Particular Account or Computer
The MCCS reserves the right to inspect those accounts, computers or files that the MCCS has reason to believe are misused, corrupt or damaged. Such inspection may proceed only by a person expressly authorized by the MCCS or college president and as advised by the MCCS general counsel; and
c. Access by Outside Agencies
User accounts, computers or files may also be subject to access in response to subpoenas, court orders, or other legal or regulatory requirements. Users will be notified as promptly as possible, unless notification is precluded by such subpoena or order.
4. Limited Designated Forum
The MCCS computer network constitutes a limited designated forum. This forum is designated for the limited purpose of helping students pursue, faculty to provide, and non-teaching staff to support the colleges’ education, training and related programs.
5. Time, Manner and Place Limitations
The MCCS reserves the right to limit certain uses on or through the MCCS computers at those times and locations that the MCCS determines are necessary to regulate system capacity and speed. These limitations apply, but are not limited to, the downloading of video, music, photographic and other large data files.
6. Website and Webpage Development and Management
Any website, web page or other portion of a website hosted by a server owned, operated or maintained by a college or the MCCS is the property and speech of the MCCS, and the MCCS reserves all rights to control the access to, content of, and all other aspects regarding such web pages or websites. The Presidents Council may adopt a procedure for controlling the development and management of such web pages and websites, including standards controlling links to web pages and/or websites that are not owned, operated or maintained by a college or the MCCS.
C. Specific Prohibitions
Conduct that violates this policy includes, but is not limited to, the following:
Displaying, downloading, printing or distributing obscene, sexually explicit or sexually offensive images or text in a manner that constitutes sexual harassment or other violation of law;
- Violating copyright laws, including the unlawful reproduction or dissemination of copyrighted text, images, music, video and other protected materials;
Using System computers for commercial activity, such as selling products or services;
Unauthorized access to or use of a computer, computer account or network;
Connecting unauthorized equipment to a college or MCCS network;
Unauthorized attempts to circumvent data protection or security including, but not limited to, creating or running programs that identify security loopholes or decrypt secure data;
Deliberately or negligently performing an act that will interfere with the regular operation of a computer;
Deliberately or negligently running or installing a program that, by intent or effect, damages a computer, system or network. This includes, but is not limited to, programs known as computer “viruses,” “trojan horses” and “worms;”
Deliberately or negligently wasting computing resources;
Deliberately or negligently overloading computing resources, such as running excessive programs that use relatively substantial bandwidth and other resources. This includes, but is not limited to, peer-to-peer applications;
Violating terms of applicable software licensing agreements;
Using electronic mail to harass or threaten another person or organization;
Initiating or perpetuating electronic chain letters or unauthorized mass mailings. This includes, but is not limited to: multiple mailings to news groups, mailing lists or individuals; “spamming;” “flooding;” and “bombing;”
Misrepresenting or misappropriating the identity of a person or computer in an electronic communication;
Transmitting or reproducing materials that are libelous or defamatory;
Unauthorized monitoring of another user’s electronic communications; or reading, copying, changing or deleting another user’s files or software without authority;
Communications that use public resources to promote partisan political activities;
Communications that are not otherwise protected by law because they constitute, for example, defamation, incitement to unlawful conduct, an imminent threat of actual violence or harm, fighting words, terrorist threats, gross disobedience of legitimate rules, criminal or severe civil harassment or false advertising; and
19. Otherwise violating existing laws or System policies.
Violation of this policy may result in the loss of computing and/or network access; other disciplinary action; and/or appropriate civil or criminal legal action.
Upon recommendations of the college and System directors of information technology, the Presidents Council shall adopt a procedure that provides adequate uniform security for all System and college computers and networks.
REFERENCES: 20-A M.R.S.A. §12706(1)
DATE ADOPTED: June 24, 2009
MAINE COMMUNITY COLLEGE SYSTEM
SUBJECT: NOTICE OF RISK TO PERSONAL DATA
PURPOSE: To establish a procedure to provide notice of risk to personal data
This Procedure complies with the provisions of the Notice of Risk to Personal Data Act.
As used in this Procedure, the following terms have the following meanings:
A. Breach of System Security
"Breach of system security" means an:
1. Unauthorized acquisition of College or System computerized data that compromises the security, confidentiality or integrity of an individual’s personal information maintained on a College or MCCS computer; and/or
2. Authorized acquisition that is then used for an unauthorized disclosure of such personal information.
B. Personal Information
"Personal information" means the following information about an individual when such information is not encrypted or redacted:
1. First name or first initial; and
2. Last name; and
3. Any one or more of the following:
a. Social security number;
b. Driver's license number or state identification card number;
c. Account number, credit card number or debit card number, if such a number could be used without additional identifying information, access codes or passwords;
d. Account passwords or personal identification numbers or other access codes; or
e. Any of the data elements contained in paragraphs a through d above when not in connection with the individual's first name, or first initial, and last name, if the information if compromised would be sufficient to permit a person to fraudulently assume or attempt to assume the identity of the person whose information was compromised.
"Personal information" does not include information available to the general public from federal, state or local government records, widely distributed media, or other lawful source.
C. Unauthorized Person
"Unauthorized person" means a person who:
1. Does not have authority or permission to access such personal information; and/or
2. Obtains access to such personal information by fraud, misrepresentation or similar deceptive practice.
D. Information Broker
“Information broker” means any person who, on behalf of a College or the MCCS, maintains computerized data that includes personal information.
III. Duty to Investigate
If an information broker becomes aware of a breach of system security, the information broker shall promptly contact the College and/or MCCS Director of Information Technology. Such Director shall then promptly inform the College President and commence a reasonable and good faith investigation to determine the likelihood that personal information has been or will be misused.
IV. Duty to Notify
If a College and/or MCCS Director of Information Technology determines that it is likely that personal information has been or will be misused as result of a breach, the College or MCCS Director of Information Technology shall provide the following notice.
A. Content of Notice
The notice shall contain the date of the breach; the information believed to be accessed; a summary of the college’s efforts in response to the breach; and a College or MCCS contact who upon request can provide additional information.
B. Recipients of Notice
The above notice shall be provided to:
1. A person whose personal information has been, or is reasonably believed to have been, acquired by an unauthorized person; and
2. The MCCS Director of Information Technology, who in turn shall notify the MCCS President; and
3. The MCCS General Counsel, who in turn shall notify the Maine Attorney General’s Office; and
4. In breaches affecting more than 1,000 persons at a single time, the following consumer reporting agencies shall also be notified:
P.O. Box 2002
Allen, TX 75013-2002
b. Trans Union
P.O. Box 1000
Chester, PA 19022
P.O. Box 740250
Atlanta, GA 30374-0250
However, the notice to these agencies shall only include the following: date of the breach, an estimate of the number of persons affected by the breach, if known, and the actual or anticipated date that persons were or will be notified of the breach.
C. Timing of Notice
Notice shall be given as expediently as possible once a College and/or MCCS Director of Information Technology determines that it is likely that personal information has been or will be misused as result of a breach. However, such timing shall be determined consistent with any:
1. Known legitimate needs of law enforcement; and
2. Measures necessary to determine the scope of the security breach and restore the reasonable integrity, security and confidentiality of the data in the system.
D. Means of Notice
Notice shall be by U.S. Mail to last known address. If, however, the cost of providing such notice would exceed $5,000, or if the number of persons to receive notice exceeds 1,000, or if the College and System does not have such an address, the following notice may be given instead:
1. E-mail notice to those whose email addresses are known; and
2. Conspicuous posting of the notice on the College’s or System’s publicly accessible website; and
3. Notification to major statewide media.
V. Complete Copy of the Law
For a complete copy of the Maine law governing this subject, see 10 MRSA §§1346-50-A available at http://janus.state.me.us/legis/statutes/10/title10ch210-B.rtf.
REFERENCES: 10 M.R.S.A. §§1346-50-A
DATE ADOPTED: January 24, 2007
DATE(S) AMENDED: January 26, 2010
Your local Time Warner Cable affiliated cable operator ("Operator") seeks to create and foster an on-line community that can be used and enjoyed by all its cable modem customers across all ISPs offered by Operator. To further that goal, Operator has developed an Acceptable Use Policy. Although much of what is included here is common sense, Operator takes these issues very seriously and will enforce its rules to ensure enjoyment by all of its members. Operator reserves the right to suspend or cancel a subscriber's account for engaging in inappropriate conduct.(Subscribers, of course, also remain legally responsible for any such acts.) In using the services of any ISP as provided over Operator's cable network (the "ISP Service"), subscribers accept this non-exhaustive list of restrictions as well as those set forth in Operator's Cable Modem Subscription Agreement and agree to use the ISP Service only for lawful purposes and not to use or allow others to use the ISP Service in violation of the following guidelines:
- Unless you have specifically subscribed for commercial grade service, the ISP Service is provided to you for personal, non-commercial use only. The service cannot be used for any enterprise purpose whatsoever whether or not the enterprise is directed toward making a profit. If it is your intention to use this service for these purposes, please contact Operator to inquire whether commercial grade service programs are available.
- The ISP Service may not be used to engage in any conduct that interferes with Operator's ability to provide service to others, including the use of excessive bandwidth.
- The ISP Service may not be used in a manner that interferes with Operator's efficient operation of its facilities, the provision of services or the ability of others to utilize the ISP Service in a reasonable manner. Operator may use various tools and techniques in order to efficiently manage its networks and to ensure compliance with this Acceptable Use Policy (“Network Management Tools”). These may include detecting malicious traffic patterns and preventing the distribution of viruses or other malicious code, limiting the number of peer-to-peer sessions a user can conduct at the same time, limiting the aggregate bandwidth available for certain usage protocols such as peer-to-peer and newsgroups and such other Network Management Tools as Operator may from time to time determine appropriate.
- The ISP Service may not be used to breach or attempt to breach the security, the computer, the software or the data of any person or entity, including Operator, to circumvent the user authentication features or security of any host, network or account, to use or distribute tools designed to compromise security, or to interfere with another's use of the ISP Service through the posting or transmitting of a virus or other harmful item to deliberately overload or flood that entity's system.
- In using the ISP Service, you may not use an IP address or client ID not assigned to you, forge any TCP/IP packet header or any part of the header information in an e-mail or newsgroup posting or probe, scan or test the vulnerability of any system or network by the use of sniffers, SNMP tools or any other method.
- The ISP Service may not be used to post or transmit content that violates child pornography statutes or contains graphic visual depictions of sexual acts or sexually explicit conduct involving children, or other depictions of children, the primary appeal of which is prurient. Complaints regarding the posting, distribution, or availability of child pornographic material should be submitted to firstname.lastname@example.org.
- The ISP Service may not be used to upload, post, transmit or otherwise make available any materials or content that violate or infringe on the rights or dignity of others. These include, but are not limited to, materials infringing or compromising intellectual property rights or the ability to maintain trade secrets and other personal information as private; the ability to avoid hate speech; threats of physical violence; harassing conduct; sexually oriented material that is offensive or inappropriate; and unsolicited bulk e-mail.
- The ISP Service may not be used to engage in or foster any consumer fraud such as illegal gambling, “Make Money Fast” schemes, chain letters, Pyramid, or other investment schemes, or to make or encourage people to accept fraudulent offers by e-mail, USENET or other means, of products, items or services, originating from your account, or through a third party which implicates your account or to post or transmit off-topic or commercial messages on bulletin boards.
You may not engage in any of the above activities using the service of another ISP, while channeling such activities through your ISP Service account or using this account as a mail drop for responses.
NEARnet Network ACCEPTABLE USE POLICY
This statement represents a guide to the acceptable use of the NEARnet network for data communications. It is only intended to address the issue of NEARnet network use. In those cases where data communications are carried across other regional networks or the Internet, NEARnet network users are advised that acceptable use policies of those other networks apply and may limit use.
Member organizations are expected to inform their users of both the NEARnet network and the NSFNET acceptable use policies.
D.-I NEARnet Network Primary Goals
D. 1. 1 The NEARnet network has been established to enhance educational and research activities, and to promote regional and national innovation and competitiveness. The NEARnet network provides access to regional and national resources to Members, and access to regional resources from organizations throughout the United States and the world.
P>D-2 NEARnet Network Acceptable Use Policy
D.2.1 All use of the NEARnet network must be consistent with NEARnet's primary goals.
D2.2 It is not acceptable to use the NEARnet network for illegal purposes.
D.2.3 It is not acceptable to use the NEARnet network to transmit threatening, obscene, or harassing materials.
D.2.4 It is not acceptable to use the NEARnet network so as to interfere with or disrupt network users, services or equipment. Disruptions include, but are not limited to, distribution of unsolicited advertising
propagation of computer worms and viruses, and using the network to make unauthorized entry to any other machine accessible via the network
D.2.5 It is assumed that information and resources accessible via the NEARnet network are private to the individuals and organizations which own or hold rights to those resources and information unless specifically stated otherwise by the owners or holders of rights. It is therefore not acceptable for an individual to use the NEARnet network to access information or resources unless permission to do so has been granted by the owners or holders of rights to those resources or information.
D.3 Violation of Policy
D.3.1 BBNTSI will review alleged violations of Acceptable Use Policy on a case-by-case basis. Clear violations of policy which are not promptly remedied by Member organization may result in termination of that Member's access to the NEARnet network and related services.
NSFNET BACKBONE ACCEPTABLE USE POLICY
(1) NSFNET Backbone services are provided to support open research and education in and among US
research and instructional institutions, plus research arms of for-profit firms when engaged in open scholarly communication and research. Use for other purposes is not acceptable.
SPECIFICALLY ACCEPTABLE USES:
(2) Communication with foreign researchers and educators in connection with research or instruction, as long as any network that the foreign user employs for such communication provides reciprocal access to US researchers and educators.
(3) Communication and exchange for professional development, to maintain currency, or to debate issues in a field or subfield of knowledge.
(4) Use for disciplinary-society, university-association, government-advisory, or standards activities related to the user's research and instructional activities.
(5) Use in applying for or administering grants or contracts for research or instruction, but not for other fundraising or public relations activities.
(6) Any other administrative communications or activities in direct support of research and instruction.
(7) Announcements of new products or services for use in research or instruction, but not advertising of any kind.
(8) Any traffic originating from a network of another member agency of the Federal Networking Council if the traffic meets the acceptable use policy of that agency.
(9) Communication incidental to otherwise acceptable use, except for illegal or specifically unacceptable use.
(10) Use for for-profit activities (consulting for pay, sales or administration of campus stores, sale of tickets to sports events, and so on), or use by for-profit institutions unless covered by the General Principle or as a specifically acceptable use.
(11) Extensive use for private or personal business.
This statement applies to use of the NSFNET Backbone only. NSF expects that connecting networks will formulate their own use policies. The NSF Division of networking and Communications Research and Infrastructure will resolve any questions about this Policy or its interpretation.