Georgia Tech IT Resource users (IT Resource users include both students and employees) are responsible for protecting the security of all data and IT Resources to which they have access.  This includes implementing appropriate security measures on personally owned devices which access Georgia Tech IT Resources. All users must follow the Security Procedures and Standards published by Georgia Tech Cyber Security including the Georgia Tech Protected Data Practices.  In addition, users must keep their accounts and passwords secure in compliance with the Institute Password Policy.

Georgia Tech employees may grant IT Resource guest access to third parties (e.g., visiting scholars).  Any Georgia Tech employee who grants guest access to IT Resources is responsible for the actions of their guest users.

Research
Georgia Tech recognizes the value of research in the areas of computer and network security. During the course of their endeavors, researchers may have a need to work with malicious software and with systems that do not adhere to the security standards as prescribed by the Chief Information Security Officer. Researchers are responsible for their actions and must take all necessary precautions to ensure that their research will not affect other Georgia Tech IT Resources or users.  In addition, researchers are responsible for making all appropriate notifications to those that may be affected by their research (see Responsible Disclosure Policy).

Network Management
The Office of Information Technology (OIT) is responsible for planning, implementing, and managing the Georgia Tech network, including wireless connections.

The following network appliances cannot be implemented at Georgia Tech without prior written approval by OIT or a Unit’s IT lead:

• Routers
• Switches
• Hubs
• Wireless access points
• Voice over IP (VOIP) infrastructure devices
• Intrusion detection systems (IDS)
• Intrusion prevention systems (IPS)
• Virtual Private Networking (VPN)
• Consumer grade network technologies
• Other networking appliances that may not be included in this list

Units or individuals who install any of the technologies listed above are responsible for capturing network traffic logs and storing them for a minimum of 365 days or an appropriate amount as negotiated with the OIT network team.  Network traffic logs should include the following information:

• Source MAC address
• Source and destination IP address
• Physical interface (where applicable)
• Date and time
• User account where available (e.g. VPN logs)

System Administration
Every Institute owned IT Resource (including virtual resources such as virtual machines and cloud based services) must have a designated system administrator.  The Institute expectation is that every Institute owned IT Resource will be professionally managed by the unit technical support team unless prevailing regulations dictate otherwise. 

The system administrator is responsible for proper maintenance of the machine, even if the system administrator is not a member of the unit technical support team.  This responsibility must be acknowledged and documented.  In addition, the machine must be accessible to the unit technical support team for incident management purposes unless legal restrictions will not allow such access. 

Negligent management of an Institute owned IT Resource resulting in unauthorized user access or a data breach may result in the loss of system administration privileges.

System administration responsibilities for all Institute owned IT Resources, including those that are self-administered include the following found here: System Administration Responsibilities.