Policy - The University of West Georgia

Created: 10/13/2005 [ms]
Revised On: 2/16/2016 [ms] Version 1.0
Network Scanning Policy
(October 14, 2005)
1.0 Authority
The University of West Georgia (UWG) utilizes its Campus Security Plan to identify,
create and maintain appropriate IT policies necessary to ensure the security of IT
resources at the institution. This policy’s need is justified by meeting an identified plan
objective listed in section 1.2 below. This policy is in conformance with the Policy
Manual of the Board of Regents (BOR) of the University System of Georgia. A copy of
the BOR Policy Manual can be obtained at http://www.usg.edu/regents/policymanual/.
1.1 Availability
Upon initial approval and any subsequent approved revisions of this policy, the
affected individuals identified in the Scope below will be notified of the new/revised
policy via email, the campus portal, written communication or some other form of
communication that provides general notification of the policy acceptance or change.
These policies are freely available to everyone. Copies can be obtained on the web
at http://policy.westga.edu.
1.2 Campus Security Plan Reference
This policy addresses item 12.3 of the Campus Security Plan for the University of
West Georgia.
2.0 Purpose
The purpose of this policy is to provide the authority for information security personnel,
identified in writing by the President of the University of West Georgia, to conduct
network scans on any server, computer, network, or device on the University’s campus
or any satellite campus under the University’s authority. Good system security must be
developed in conjunction with regular feedback on its effectiveness. One form of
feedback can be produced by using network-based security scanning tools. Scans may
be conducted to:
• Ensure integrity, confidentiality and availability of information and resources
• Investigate possible security incidents or ensure conformance to UWG security
policies
• Monitor system activity where appropriate.
2.1 Policy Type
This policy shall conform to the requirements for a Program policy as outlined in the
Campus Security Plan.
UWG Network Scanning Policy
Page 1 of 4
UWG-PolicyTemplate-v1.0.doc
3.0 Scope
This policy applies to all UWG faculty, staff and students, in addition to any guests who
are authorized to use the University's computers and/or data network. Any computer,
laptop, printer, or device that an authorized user connects to the campus network is
subject to this policy. This includes equipment owned, leased, rented, or otherwise
controlled or maintained by University employees and students, and other authorized
users. Authorized users accessing University computing resources and the University
data network from off campus sites through dial-up access, broadband access, or other
connections are responsible for ensuring the security and integrity of system(s) they are
using to establish said access.
4.0 Policy
Regular scanning of computers and devices connected to the University’s network can
reveal potential security threats and vulnerabilities. Therefore, the information security
personnel at the University of West Georgia may conduct network scans on any server,
computer, network, or device on the University’s campus or any satellite campus under
the University’s authority. Use of the University's computing and network resources
constitutes an acceptance of this policy.
4.1 Authorized and Unauthorized Scanning Activities
No computer system or device connected to the University’s network via wired or
wireless connection will be used to perform network scans on ANY computer,
network, or device, on or off of the University’s campus, with the following
exceptions:
• The University’s networking staff may perform network scans in an effort to
resolve a service problem, as a part of normal system operations and
maintenance, or to enhance the security of the University network.
• The University’s Information Security staff may perform network scans to
monitor compliance with University policy, to perform security assessments,
or to investigate security incidents.
• Departmental IT personnel may perform local system scans prior to putting a
system into production or as a part of continued system maintenance.
4.2 Service Degradation and/or Interruptions and Harmful Results
Network scanning is a formidable tool for testing and protecting the University’s
information resources when used properly. Unauthorized or improperly conducted
network scans pose a threat to the availability, integrity, and confidentiality of the
University’s information resources. Improper and unauthorized network scanning
can result in the following:
• Disclosure of Sensitive Data: Network scans yield a tremendous amount of
information about our networked computing systems. This information is
crucial to attackers in their efforts to compromise computer systems. If a
critical system is compromised, an attacker may have unlimited access to
confidential data.
• Loss of Service: Network attacks vary greatly in nature. The goal of the
attack may be to gain control of a computing system or to simply make the
system unavailable to others. Even the process of vulnerability scanning can
cause a system to crash or behave erratically.
• Loss of Network and System Performance: Network scanning can involve
hundreds or even thousands of computing systems. The sheer volume of
network traffic requests can place an incredible strain on the resources of our
computing systems and the University network, resulting in less than optimal
performance for University users.
• Loss of Reputation: As a member of the global Internet village our actions
directly affect the safety of information and information resources around the
world. By allowing the University's computing resources to be used to
compromise systems belonging to our global neighbors, our reputation as a
responsible member of the Internet may be tarnished.
5.0 Compliance
Compliance with this policy is as indicated in the UWG Security Plan.
5.1 Responsibilities and Implementation
Compliance with this policy is the responsibility of each UWG participant
unit/organization IT department. Implementation is the responsibility of the UWG
Information Security Officer (ISO).
5.2 Enforcement
The UWG ISO will monitor the network for unauthorized scans. Anyone found to
have violated this policy will be reported to the appropriate Institutional governing
body.
5.3 Disciplinary Process
Disciplinary actions will be handled via existing Institutional governing bodies and
procedures.
5.4 Clarification/Interpretation Process
Requests for clarification or appeals will first be directed to the Technology Planning
Committee for review. The Faculty Senate has final review authority.
6.0 References
6.1 Definitions
Definitions for this policy can be obtained on the web at http://policy.westga.edu.
7.0 Policy Review
The UWG Information Security Officer will review this policy in conjunction with major
changes to the information infrastructure, as part of UWG’s participation in system
security audits, after each breach in system security, or every two years. The UWG ISO
will submit policy changes and new policies for review and approval by the Technology
Planning Committee.
7.1 Review Process
Responsible parties referenced in section 5.1 of this policy will review and submit
revisions per section 2 of the Campus Security Plan for the University of West
Georgia.
7.2 Approval Dates
N/A
7.3 Revisions
N/A