Information Security

Information Security

Developing literacy around information security is critical in today’s environment. It is important to remain educated and informed in the continued rise in vulnerabilities and threats that may impact your data and Colleges services. The following resources can be used as an educational model to provide awareness of information security.

 

PROTECTING  CSI

Image
caution

283 Security Alerts generated from external sources

5983 Help Desk Tickets resolved in the last year
133 Emails Blocked for Containing Viruses
Image
lock

893,892 Malicious/SPAM/Phishing emails blocked from inboxes over the last year. 

Image
computer

3441 Computer and mobile devices monitored for the last 6 months

29,627 Emails Quarantined  over the Last Year
 13,941 Critical Vulnerabilities and 54,614 High Vulnerabilities.  

State of Cybersecurity at CSI

In order to adhere to security policies and mitigate potential vulnerabilities at the College of Staten Island, the Information Technology Services (ITS) department has implemented a "script" to address these challenges. CSI is continuously implementing remediation steps, as well as ongoing procedures and processes to tackle critical and high vulnerabilities. A report detailing the outstanding vulnerabilities and a mitigation strategy is submitted to the central office. While significant progress has been made, there are still additional security vulnerabilities that need to be addressed. These include removing unsupported software, operating systems, and outdated hardware, which will be handled by the life cycle replacement project. To ensure the security of your office machines, please make sure to regularly restart them in order to apply security patches to Internet browsers and software. 

The College uses spam detection appliances from ProofPoint to quarantine unsolicited emails.    Messages that contain inappropriate content are sent to your personal Spam Quarantine. You will receive an email notification in your Inbox to let you know you have messages in Quarantine

Student Email Authentication
At this time, authentication is required for students to access their College email account.  This page has Instructions for MFA Student Email Authentication.


Faculty & Staff Computer Login Authentication
The College of Staten Island continues to move forward with efforts to protect your digital identity and related college material.  Information Technology Services enabled multi-factor authentication (MFA) for your computer login (FLAS account) when you are on campus or remoting to your office computer.

Multi-factor authentication (MFA) is a security enhancement that requires two forms of verification when logging in to your office desktop and adds critical protection for your sign-on credentials.  MFA is being deployed to conform to the CUNY security policy.  
 
Please contact the HelpDesk for Technology Support (718.982.HELP) or the Technology Training Center (718.982.2345) for training assistance.

Authentication Methods

The Microsoft Authenticator app helps you sign in to your accounts when you're using two-step verification. Two-step verification helps you to use your accounts more securely because passwords can be forgotten, stolen, or compromised. Two-step verification uses a second step like your phone to make it harder for other people to break in to your account. You can use the Authenticator app in multiple ways:

  • Two-step verification: The standard verification method, where one of the factors is your password.  After you sign in using your username and password, utilizing your phone, you will then have to provide a verification code generated by the app.

Microsoft Authenticator App
This method allows you to use a 6-digit code generated by the Microsoft Authentication app.  It requires downloading the app to your mobile device and scanning a QR code.
Click on Set up and follow the prompts.

Don’t Open Unexpected Attachments

Viruses are often sent via email attachments.  Do not open an attachment unless you are expecting it AND you know who it is from. If you receive an attachment from someone you don’t know, delete it immediately without opening it.

Beware of Spoof Emails or Phishing

An email that looks as if it came from someone you know, doesn’t necessarily mean that it did 

Don’t Send Sensitive Data in Email

When you send a message, you no longer have control over what is done with it or to whom it is forwarded. Also the contents of email is not secure by default.

Avoid clicking on links in the body of an email message

Replying to, clicking on links within, or even attempting to unsubscribe from spam emails typically only informs the sender that they have found an active email address to which they'll send more spam emails. Instead, report the message as spam.

Don't send confidential information by email

Confidential or sensitive information such as passwords, bank account numbers, and social security numbers should NEVER be sent by email. CenturyLink, PayPal, and your bank are examples of companies that will never ask for personal information in an email. If you get a request like this, it is a scam. Mark the message a spam and delete it.

Use anti-virus software

We highly recommended that you install and maintain good and well-respected anti-virus software on your computer to prevent infection. Scan all email attachments with an anti-virus program before downloading, even if they come from someone you know.

Keep passwords secure

It's recommended to change your passwords at least every 60 days, particularly if you currently view and manage your email on a public computer. Use a mix of letters and numbers, as those passwords are harder to break. The password should not be easy to guess. Never share your password with anyone.

Keep away from open WiFi

When you're connected to a public and open WiFi network, there is increased potential for hackers to access your accounts. It's best to avoid connecting to these networks entirely. If you do connect, don't sign into any accounts with sensitive information stored.

As a general rule of thumb:

  • Trust your instincts: Attackers are constantly releasing new viruses. If you think something looks suspicious, don’t open it. Email IT helpdesk to be sure.
  • If you are unsure who an email is from – even if it appears accurate – do not respond.
  • Think before you act: Be cautious of communications that implore you to act immediately. Phishing emails attempt a sense of urgency.
  • Be in communication: Reach out to the person directly separately to see if the email came from that individual
  • MFA; MFA; MFA
  • Be wary of hyperlinks: Don’t click on them if you are unsure of the authenticity

If you suspect that you received a phishing email, please contact spam@csi.cuny.edu 

View this list to see some phishing (fake) emails that have been spotted at CSI

Computer Account Password Policy:

College Email Policy

The College of Staten Island e-mail address issued to faculty, staff, and students constitutes an electronic vehicle for College communication. Faculty, staff, and students are expected to read e-mail sent to their  College email accounts regularly to keep abreast of important College information.

In the interest of network and personal security, password changes will not be done over the phone or via email.

Policy on Electronic Communications 

  • E-mail network access is for the exclusive use of CSI students, faculty and staff.
  • College of Staten Island/CUNY cannot guarantee that e-mail communications are private, confidential or free from legal considerations.
  • Transmitting copyrighted software or other copyrighted material on the network without authorization is prohibited.
  • E-mail users will be responsible for e-mail transmitted under their IDs.
  • The use of the College e-mail network for sending or storing messages, which are harassing, obscene or fraudulent, is prohibited.
  • Retrieving, diverting, or reading correspondence addressed to others is prohibited.
  • Willfully or maliciously degrading the performance of the network is prohibited.
  • All e-mail correspondence, which exceeds the capacity of the mailbox, will be deleted without notice.
  • All undeliverable e-mail will be removed and purged by the E-mail System Administrator.
  • E-mail software, the network, and all hardware are subject to inspection without notice by authorized employees, representatives, or agents of the College of Staten Island/CUNY.
  • The CSI e-mail network requires monitoring and periodic servicing by the E-mail System Administrator and his/her representative. The administrator or representative may need to shutdown the system for periodic maintenance and system upgrades. During the troubleshooting of e-mail problems, the administrator may be required to monitor e-mail activity.

Email Quota

  • All active faculty and staff will receive an M365 email account with a mailbox quota size of 1 GB during the initial creation of the email account as per CUNY policy. 
    • Staff - CUNY is automatically giving almost all users A5 by default. Some users are getting A1 such as POIs. And some users still have A1 from when we assigned it to them at migration. 
    • A5 is 100GB and A1 is 50GB
    • Students are being given A1 which is 50GB
  • Deleted email is retrievable for 30 days
  • Attachments in email broadcasts, such as newsletters and flyers, could also be uploaded into your CUNY OneDrive or CUNY DropBox accounts. Onedrive is part of M365 and has a 100GB limit. This will create a link to be placed in the email. It is the responsibility of the individual to manage these accounts. 
  • Effective February 1, 2024, users of Office 365 A1 will be limited to a maximum of 100GB of OneDrive storage within the institutional tenant's 100TB of pooled storage. Institutions will have the option to purchase additional incremental storage based on their needs.
  • Upon request IT will raise the individual’s email quota based on an assessment of the user’s due diligence of performing normal “housekeeping” such as emptying the Deleted Items folder, and deleting large email items from their Inbox and Sent Items folders.

 

Emeritus Faculty

Upon written request to the Vice President of Information Technology and agreement to adhere to City University of New York acceptable use policy, the College of Staten Island will continue to provide a Faculty email account to Emeritus Faculty. 

Retiree Email

Employees, such as those in the Executive Compensation Plan and non-teaching instructional staff titles such as Higher Education Officer series, College Laboratory Technician series, Research Associates and Research Assistants will be given a one-time option at the time of retirement (during the off-boarding/exit interview process), to request a retiree e-mail.

Identity Theft & Cyber Security

What is identity theft?

Identity theft is a crime in which an imposter obtains such key pieces of information as a Social Security number, driver's license number, or credit card number to obtain merchandise and services, credit, and loans in the name of the victim. For more information, including a link to an informative 30 minute Information Security Awareness Presentation, please visit:

Introduction

A security policy is necessary to maintain a protected network and prevent malicious attacks against software and hardware connected to CSI’s network. CSI is a part of CUNY's network.  Network connections to compromised systems are disabled when they are identified and not reconnected until they are secured. This security policy is framed to assist in maintaining a secure network and addresses many issues dealing with computer use including but not limited to the following issues:

  • Who can connect a computer workstation to CSI's LAN and what are the computer user's responsibilities?
  • Who can connect a server to CSI's LAN and what are the server administrator and other user's responsibilities?
  • Who can access campus based servers from off campus and how this connection is established?
  • What are Internet users responsibilities, i.e.: What can the Internet and e-mail be used for?

Internet / Intranet Security Policy

The resources, services and interconnectivity available via the Internet, and Intranet, all introduce opportunities and risks. In response to the risks, this policy describes College of Staten Island official policy regarding Internet and Intranet security. 

Although this policy document addresses many of the security issues that are likely to be encountered, it is not possible to catalogue every conceivable security risk. The threats to information assets are continually changing. For additional information or clarification on information security issues, you are encouraged to contact the Office of Information Technology. 

Preventing security breaches is where this policy comes to the forefront. The most important function of the policy is to make all aware of Internet security issues and College Internet policies and to secure our equipment to prevent security breaches. Students, staff and faculty must be instructed to report any security weaknesses that they become aware of, either internally or from external sources. 

Scope

This policy applies to all students, staff, faculty, contractors, temporaries who use the Internet or Intranet with College of Staten Island computing or networking resources, as well as those who represent themselves as being connected -- in one way or another -- with College of Staten Island. All Internet and Intranet users are expected to be familiar with and comply with these security policies as well as the CUNY Computer User's Responsibilities. Questions should be directed to the Office of Information Technology. Violations of these policies will be subject to penalties as outlined in the CUNY Computer Users Responsibilities which can lead to revocation of system privileges, disciplinary action including dismissal, termination and criminal prosecution. This policy defines acceptable use, user responsibilities and procedures for using existing network devices and installing new devices requiring network access. The vigorous enforcement of this policy is essential to ensure reliable, secure network access to CSI's shared resources. Since a network is a shared resource that permits distributed interaction amongst disparate users, the activities of one user affects others.

General

Section 1: Network Access
Section 2: College User Resources and Responsibilities
Section 3: Network Server Access Policy
Section 4: External Access to Campus Services
Section 5: Campus Access to External Services

Section 1: Network Access
Any device that requires network access must be connected to CSI's LAN directly with a category 5 cable that runs from the device to the closet where a switch is housed. It is a violation to use hubs or any other device that shares network access amongst devices unless installed by the Office of Information Technology. This may require the installation of cabling and telecommunications equipment to terminate as per category 5 specifications. All such installation of cables and network equipment is to be directed by the Office of Information Technology and funded by the department housing the device. The Office of Information Technology reserves the right to disable any unauthorized hubs or other devices on its LAN at the network switch or port as appropriate to ensure the orderly administration and security of the LAN.

The following are procedural requirements for acquisition of new runs for network connectivity:

  • The Office of Information Technology must approve requests for new or additional network connections. The Vice President to whom the department reports must make the request in writing to the Vice President of the Office of Information Technology Services.
  • Any purchase of equipment that requires network connection must have approval from the Office of Information Technology. The Vice President to whom the department reports must make the request in writing to the Vice President of the Office of Information Technology Services.
  • A network port (jack) must exist in the room for any device requiring network access. If no port exists in the room, the device cannot be purchased without authorization from the Office of Information Technology. The Vice President to whom the department reports must make the request in writing to the Vice President of the Office of Information Technology Services.
  • Hubs and/or switches will not be permitted to connect more than one device per jack. If a hub or switch is used, the Office of Information Technology reserves the right to immediately disconnect the device from the network. Each device must have its own port to connect to the network. This requirement is essential for effective network administration to ensure a secure network environment for authorized users.
  • If a department's space is changed whether by expanding, renovating or relocating, the Office of Information Technology and the Director of Telecommunications must be consulted in the early stages of the design phase of the project. A survey of the space must be conducted for telephone and data connections required ensuring continued access to campus telephones and network resources. The Office of Information Technology will coordinate any network-related work. The department doing the project is responsible for covering all the cost associated with the network configuration including but not limited to network switches, network media connectors and other devices, jacks, and cable runs. 

Back To The Top

Section 2: College User Resources and Responsibilities Account Information 

  • User account information must not be written down and left in a place where unauthorized persons might discover it. 
  • User account information must not be shared, distributed or exchanged to anyone other than the person to whom the information was assigned. This includes College of Staten Island usernames or userids, passwords, assigned IP addresses, or any other information that may jeopardize the security of the College of Staten Island network.
  • The Office of Information Technology will assign all IP addresses. Staff and faculty are prohibited from modifying their assigned IP address, without explicit written authorization from The Office of Information Technology.
  • Staff working for vendors and system developers are responsible for providing systems, which prevent the distribution of College of Staten Island user account information to the Internet community.
  • Staff must not modify user accounts without authorization from Office of Information Technology. This includes, but is not limited to: adding new accounts, modifying existing accounts, and disabling or deleting accounts. This policy does not apply to staff who are assigned the responsibility by The Office of Information Technology to make such changes.
  • Faculty and staff will not use hubs to connect multiple devices to the network. All ports will be secured and only one device will be permitted per port.

Modification of Software
Staff must not alter, modify or delete data files, executable code, source code, or system files that can be accessed on or through the Internet or Intranet unless the staff member is the explicit owner of the file.

Special Software Tools
Unless specifically authorized by the Office of Information Technology Services, College of Staten Island staff members must not possess or use software or hardware tools that can be used to break security mechanisms. Examples of such tools are those that facilitate illegal copying of copy-protected software, unintended discovery of secret passwords, unauthorized packet capturing/sniffing, or unauthorized decryption of encrypted data.

Software Transfers and Licenses
Software owned by College of Staten Island must not be up-loaded to any other non-College of Staten Island site, through the Internet/Intranet unless such up-loading is consistent with relevant license agreements and either: (a) Office of Information Technology Services has previously approved of such up-loading, or (b) up-loaded copies are being made for contingency planning purposes.

Downloaded software must be scanned for virus or malicious code prior to execution or access.

Faculty and staff are expected to understand, and abide by all software license agreements. Software must not be copied, distributed, or shared, unless specifically allowed for in the software license agreement.

Back To The Top

Section 3: Network Server Access Policy
Only computer servers authorized by the Office of Information Technology Services will be permitted access to CSI's LAN.

Administrators of servers connected to CSI's LAN are responsible for maintaining a secure server environment; this includes but is not limited to maintaining the most recent version of all security patches for the operating system running on the server as well as installing the KACE agent.

The Office of Information Technology and the CUNY Instructional Technology and Information Services reserve the right to immediately disable network accesses to any unauthorized server as well as any server that has been compromised.

Access to servers from off campus through any method other than Secure Shell Telnet and Secure FTP through CSI's VPN is strictly prohibited as described below. Only access to servers for HTTP for connections to a web page is permitted from the Internet.

CSI maintains email for the College Community through the CSI mail server, mail.csi.cuny.edu. The College does not support in any way other email servers and indeed asks the college community's cooperation in not running any email servers on its LAN.

For special or extenuating circumstances, the Office of Information Technology will consider authorizing email servers on CSI's LAN. Such requests must be made in writing by the appropriate Vice Present to the Vice President of the Office of Information Technology Services with a copy to the Network Manager. Without written confirmation from the Office of Information Technology permitting running an email server, the server will not be permitted on the LAN.

Written requests for authorization for connecting a server to CSI's LAN should be made by an appropriate Vice President and sent to the Vice President for the Office of Information Technology Services with a copy to the network administrator.

To obtain authorization the following information must be included in the request to the Office Information Technology Services' network administrator:

Name of server administrator:

Server name:

Server IP address:

Server MAC address:

Server Operating system:

List of patches and security patches installed:

Who will access server from off campus?

When do you access server from off campus?

How do you access the Internet from off campus, e.g. ISP or remote LAN?

By submitting this request, I agree to IT policies and if IT discovers policies are not being followed then equipment will be subject to removal from the network.

Back To The Top

Section 4: External Access to Campus Services
Confidential Information
All College of Staten Island confidential information, including student specific information, that is accessible from an external site should be transmitted using a secure Internet protocol (e.g.: SSL, VPN) or be encrypted prior to being transmitted.

Back To The Top

Section 5: Campus Access to External Services
Confidential Information
All College of Staten Island confidential information that is transmitted to one or more external sites must be transmitted using a secure Internet protocol (e.g.: SSL, PCT, SET, S/MIME) or be encrypted prior to being transmitted.

Information communicated via newsgroups or electronic mail must not conflict with the level of confidentiality assigned to that information or violate the CUNY Computer Users Responsibilities.

External Site Access and "Blocking"
A site will be blocked if the site promotes mass distribution of unsolicited material, also known as "spamming" or is used in a way that is not consistent with the CUNY Computer User's Responsibilities.

A site will be un-blocked if the following two conditions are met: 1) it becomes necessary in the best interest of College of Staten Island; and 2) the Office of Information Technology grants approval.

Internet Services Provided
The only services that will be allowed to the College of Staten Island from the Internet will be those for which Application Protocol Gateways are available. These services include FTP (get only), HTTP, HTTPS, and Electronic Mail (E-mail). Other services such as SecureFTP (put) and Secure Telnet through a VPN will be provided to individual users on an "as needed" basis. The requestor's Chairperson and Office of Information Technology must approve all requests for additional services. Services provided are limited to specific port configurations.

Staff members must not interfere with, or disrupt the normal operation of the Internet/Intranet services located on College of Staten Island computers, or accessible through the Internet.

The Office of Information Technology is responsible for revising this policy on an annual basis, or as the need arises. In addition, the Office of Information Technology is responsible for working with the necessary organizations to ensure that there is a global consistency of implementation of this policy.

The Office of Information Technology is responsible for daily maintenance and maintaining the security of the systems they operate. They are further responsible for notifying users of their security policies and any changes to these policies. All security policies must be reviewed and approved by the Office of Information Technology.

In the event of an Internet or Intranet Security Breach requiring interruption or denial of service between a subnet and the Internet or Intranet, the Vice President of the Office of Information Technology Services must be informed prior to the separation.

Back To The Top

Definitions / Terms / Acronyms

Term Definition

Application Protocol Gateway Program or device that passes information between networks or applications.

Category 5 Cabling standard used for Ethernet LANs

Decrypt The process of taking encrypted text, or ciphertext, and converting it to plaintext.

Encrypt The process of altering characters, based on an encryption key, so that the characters appear to be nothing but random, garbage characters.

Firewall Any system or element that provides a function of filtering or blocking services, protocols, or packets between systems and/or networks.

FTP A service that supports file transfers between local and remote computers.

IP Address A unique address that is assigned to an individual machine. The address is used as a means of identifying each machine.

LAN Local Area Network.

Network This covers all public networks, such as PSTN, Internet, or carrier networks.

Packet Filter A device that examines individual IP packets and determines whether or not the packet is allowed to proceed to its destination address.

Plaintext Refers to any group of characters that are not encrypted.

Secure Shell SSH lets you establish secure terminal sessions between machines using cryptographic authentication and automatic session encryption.

Telnet Allows users to access computers and their data at thousands of places around the world, most often at libraries, universities, and government agencies.

Worker Refers to employees, contractors, temporaries, etc.

World Wide Web The accessible information available on many computers attached to the Internet. The Web has a body of software, a set of protocols and a set of defined conventions for getting at the information on the Web.

Constraints / Waivers

Appeals for an exception to this policy should be submitted to the Office of Information Technology for approval.

Compliance

It is essential that any violation of this policy be reported immediately to the Office of Information Technology Network Director, his immediate staff, so that appropriate action can be taken to ensure the security of other resources on CSI's LAN.

Violations will result in appropriate disciplinary actions as outlined in the CUNY Computer Users Responsibilities and including, dismissal and prosecution.

Back To The Top

Policy

Mobile devices may be provided to certain employees to conduct activities connected to their employment. Employees who request a mobile device include Executive management staff (ECP and Director level staff) as well as Staff of departments who have been approved for the need of these devices.

A Mobile Device includes: iPad, Laptop, tablet, or smartphone

All requests for mobile devices, services, and upgrades require appropriate management and budget approvals. These devices will be issued only to employees having a valid need as outlined in the criteria section of this document. Furthermore, when selecting mobile devices, the least expensive approved model will be provided unless enhanced functionality is warranted. Accessories will only be approved when needed.

Criteria

The criteria to be used when determining an employee’s need to receive a mobile device includes:

 

  • More than 60% of work is conducted away from the employee’s work station and the employee is required to be contacted on a regular basis, or 
  • Employee is on-call outside of normal work hours, or
  • Employee monitors and administers mission critical information systems during non-business hours, or 
  • The job requires the employee to be immediately accessible to receive and/or make frequent business calls outside of working hours, or
  • Employee requires access to an application that runs only on this device

Personal Use:

Eligible Staff must pay $10 per month fee for personal use of the mobile phone, collected yearly at the beginning of January. Fees for any partial month are collected for the full month. This fee is waived for non-management staff members who are required to carry a College issued mobile device for emergency contact. 
 

Standard Ownership and Responsibilities 

The cost of purchasing the approved device for eligible staff, if any, is borne by the Telecommunications Office. Only approved models will be purchased (see appendix for list of approved models). If a non-standard device is requested, the purchase cost of the device must be paid by the requesting department.
If at any time a mobile device has to be replaced due to breakage or loss, the staff member's department must pay the replacement charges, if any, using departmental funds. Free upgrades are available at the discretion of the Office of Technology Services. 

Department managers are responsible for educating users about their mobile communication device procedures and monitoring usage. CSI issued mobile communication devices are subject to audit by the University.

Virtual Private Network
To ensure the integrity and privacy of personal information, CSI uses a Virtual Private Network (VPN) for its intranet and its access to CUNY Systems. This encrypts all data and uses the best available technology to guarantee security and privacy. In order to apply for VPN access a form needs to be completed with required approval. 

Virtual Private Network (VPN) Policy

Purpose
The purpose of this policy is to provide guidelines for Remote Access using a Virtual Private Network (VPN) connection to the College of Staten Island network.

Scope
This policy applies to all College of Staten Island employees, temporaries, consultants, and other workers including all personnel affiliated with third parties utilizing VPNs to access the College of Staten Island network.  Students are not allowed VPN access to the College of Staten Island network.

Policy
Approved College of Staten Island employees and authorized third parties (customers, vendors, etc.) may utilize the benefits of VPNs, which are a “user managed” service.  This means that the user is responsible for selecting an Internet Service Provider (ISP), coordinating installation, installing any required software, and all costs associated with network access from off-campus.

A VPN account will require annual re-authorization at the beginning of the Fall semester by the employee’s supervisor.  A VPN account holder’s access to the system will automatically expire if they no longer have an affiliation with the College

Additionally:

  • It is the responsibility of employees with VPN privileges to ensure that unauthorized users are not allowed access to the College of Staten Island’s internal networks
  • All computers connected to the College of Staten Island’s internal networks via VPN or any other technology must use the most up-to-date anti-virus software that is the corporate standard (www.cuny.edu); this includes personal computers
  • It is the responsibility of supervisors and department heads to:
    • Determine which of their office/department’s college business activities can and cannot be performed via the VPN from off-campus
    • Determine under what circumstances it is appropriate for an employee to use the VPN to conduct College business
    • Communicate the above to their employees
  • VPN users will be automatically disconnected from the College of Staten Island’s networks after thirty minutes if inactivity.  The user must then logon again to reconnect to the network.  Artificial network processes are not to be used to keep the connection open

Enforcement
This policy regulates the use of all VPN services to the College of Staten Island network and users must comply with the CUNY Acceptable Use of Computer Resources policy.  To maintain security, VPN services will be terminated immediately if any suspicious activity is found.  Service may also be disabled until the issue has been identified and resolved.  Any employee found to have violated this policy may be subject to disciplinary action.

CUNY has mandated the use of Cortex XDR on all devices connecting to the College’s network.  Cortex XDR, which is security for a new generation of ransomware and cybersecurity threats, is an advanced protection software which accurately detects threats with behavioral analytics. It reveals the root cause to speed up investigations, enabling attacks to be stopped before damage to the device or sensitive data is compromised.

Wireless Network Access Policy

Welcome to the CSI Wireless Network

  • The computing resources of the university shall be used only for purposes directly related to, or in support of, the academic, research, or administrative activities of the university.
  • You must have a valid authorized account to use computer resources that require one and may use only those computer resources that are specifically authorized. You may use your account only in accordance with its authorized purposes and may not use an unauthorized account for any purpose.
  • Computers on the Wireless Network should not store or transmit data of a sensitive nature such as credit card numbers, private student information, legal or attorney privileged data.
  • You are responsible for the safeguarding of your computer account. You should take all necessary precautions in protecting the account, no matter what type of computer resources you are using.
  • You may not circumvent system protection facilities. 
  • You may not knowingly use any system to produce system failure or degraded performance. 
  • You may not use computer resources for private purposes, including, but not limited to, the use of computer resources for profit making or illegal purposes.

The University reserves the right to monitor, under appropriate conditions, all data contained in the system to protect the integrity of the system and to insure compliance with regulations. Any user who is found to be in violation of these rules shall be subject to the following:

  • Suspension and/or termination of computer privileges;
  • Disciplinary action by appropriate college and/or University officials; 
  • Referral to law enforcement authorities for criminal prosecution; 
  • Other legal action, including action to recover civil damages and penalties.

By logging on you have agreed to the above terms and conditions.

For technical support please contact helpdesk@csi.cuny.edu or 718.982.HELP (4357) 

Please use your CSI computer lab login authentication ID for network access. 

***WARNING ***
***UNAUTHORIZED USE IS PROHIBITED ***