StudSec Policies & Information
Information regarding the operational policies of StudSec.
Brand policy
The StudSec brand policy aims to clearly position and visualize VU StudSec and its components in relation to other educational institutions at home and abroad. A strong brand ensures recognizability, reliability and a professional image. The StudSec brand policy was adopted by the first board on 4-6-2024 and voted in on 13-6-2024. The main principles of the StudSec brand policy are:
1. StudSec is associated with the VU
StudSec is at time of writing an association primarily by and for VU students, this should be reflected in the branding. Primarily through the use of simular colors. The VU's colors are:
Primary blue:
Secondary blue:
Tertiary blue:
Note: to the best of our knowledge these colors are not trade marked, and should be free to directly copy. However, do not attempt to directly impersonate the VU. This guideline is meant for our logo's, websites and other branded items, which are still distinctly StudSec. Under no circumstances should there be confusion if a given item is part of StudSec or the VU.
2. StudSec uses a consistent logo
StudSec uses a consistent logo across all official branding, these are:
Online
- Github
- Discord
- Website
- pwncrates
- Wiki
- Discord OAuth
- Wiki
- StudBot
- pwncrates
Physical
- Hoodies
- Stickers
3. StudSec events may use a custom logo
Large or joint events or projects may use a custom logo to underline its significance, this includes (but is not limited to) VU CTF & the roomba project. It is still recommended to keep the design affiliated with StudSec, be this through the use of the same design style, colors or by incorporating the StudSec logo within it.
Reimbursements
If you've made a purchase on behalf of or for the benefit of StudSec you can request a reimbursement. The process of which is outlined in this document.
Please double check with the treasurer before making any purchase for which you would like to be reimbursed. Not doing so means your reimbursement request will most likely be rejected
Requesting a reimbursement
To request a reimbursement fill in the Google form which can be found here with all required information, if you have any issue in this process please reach out to treasurer@studsec.nl.
Receipts/invoices
The reimbursement request is required to contain proof-of-purchase receipts that contain only StudSec purchases listed in the table above. If you are no longer able to produce a receipt only containing these items please contact the treasurer, if you have no receipt at all then we can unfortunately not reimburse you.
Brass richtlines
Overview
'Brassing' is a traditional student activity in which items or (certain) people are stolen from their student association and ransomed bank with a letter (referred to as a 'bras brief'). This letter announces to the association what item or person was stolen, and lists the demands the association is deemed to meet in order for the return of the individual/item, this letter should be sent within 24 hours. The tradition of brassing has been established as a way to strengthen the bonds between sister associations (referred to as 'verbroedering').
The guidelines outlined in this document are not binding, but are setup to ensure brassing is considered a positive interaction for all parties involved. They are roughly based on existing guidelines, which can be found here.
It should be noted that these guidelines apply both to members of StudSec seeking to bras, as well as other associations seeking to bras from StudSec.
Rules
- Firstly consider why you wish to bras and who. The goal of brassing is to strengthen existing bonds. These bonds may be because of an existing (friendly) rivalry between your association and StudSec, because of a shared location (the VU or Amsterdam) or because of existing friendships.
- Brassing happens on the same level, this means that a dispuut or committee does not bras from a board or vice versa. A board may enlist the help of their association members when conducting an attempt at brassing but this action must be fully supported by initiating board.
- Ensure that everyone that will bear the consequences of your bras action is aware of this. This means that the board is not responsible for any bras action initiated by members unless they give prior approval. Similarly, if a board has conducted a bras they should inform their association of this.
- Do not abuse sincere hospitality, if you are somewhere on invitation, or given digital access to a system for friendly reasons, do not use the opportunity to bras. Constitutie Borrels (CoBo) and Dies/Lustrum Borrels are an exception to this.
- Be aware that not all your demands may be met, in this case both parties should try to come to a friendly compromise.
- Do not let the consequences of brassing continue after the demands have been met. Should any hard feelings remain after this make sure to voice these and take steps to ensure that it is resolved going forward. Brassing is meant to strengthen existing bonds, not damage them.
- Should any damage arise as a direct result of the bras attempt, the brassing party is considered responsible for any repairs or replacements.
- Brassing of objects
- Only association objects may be brassed. These are objects that belong to the association, have a high emotional or formal value but notably do not have a significant financial value.
- During a CoBo or DieBo objects that have a StudSec sticker on it (with the exception of laptops or phones) may be brassed.
- When an object is brassed responsibility must be claimed within 24 hours, this may be done by mail, phone call, video or other creative means.
- Do not lose or damage the brassed object. Should this happen make sure to communicate this to the association from which you brassed and seek a suitable solution together.
- It is permitted to modify or decorate the brassed object as you deem fit, do note that this may not be done in an irreversible way or a way in which the object my no longer be used for its origional function.
- If an object has been brassed during a CoBo or Diebo the object should be returned after the attempt, you may take a picture outside the venue with the object as proof.
- Brassing of individuals
- Only board members of StudSec may be brassed, this may only be done during a Cobo or Diebo. The board member should be able to continue in their function at the event after the brass attempt (success or failure).
- For brassing of members of other associations members of StudSec should check with the bras guidelines of their target association.
- Brassing of IT infrastructure
- Being a cyber security focused association, StudSec allows for and encourages the brassing of its IT infrastructure. However, to ensure GDPR and operational compliance there are some rules that should be adhered to. Note that these rules only apply to StudSec infrastructure, and may under no circumstances be used to justify attacking other infrastructure.
- Do not cause permanent damage, this includes the deletion of data (including the logs you might have generated getting access). A competent sysadmin should be able to revert your access within 15 minutes.
- Do not interfere with the functionality of the targeted systems, at no point should a system break or go offline due to your actions.
- Do not access or extract sensitive information, this includes:
- Any information related to StudSec members
- The database of ctf.studsec.nl or any other database that can reasonably be assumed to contain person-related information
- API keys or other credentials
- When defacing a website take care to not to ruin the image of StudSec, it should not discourage any potential members or sponsors from being interested in StudSec.
- Should any of the above accidentally happen please immediately take up contact with board@studsec.nl
Member Photo Consent
At StudSec, your privacy is our priority. When you registered, we asked if you were comfortable with your picture being shared on social media. Here are some frequently asked questions to clarify our policy.
Why do we take pictures?
While the workshops and other events are valuable on the day of the event, we believe establishing a strong public image is essential. Our sponsors, partners, and collaborators use this public image to support our mission. By sharing our activities on social media, we aim to make cybersecurity more accessible and aware to everyone.
What qualifies as being in the picture?
You will need to provide consent if your face is fully visible and identifiable in the photo. However, pictures that only show personal belongings, clothing (like shots from behind), or other attributes that do not clearly identify you do not require consent and may be posted. If you have any objections regarding specific pictures, please reach out to us, and we will gladly talk to find an agreement.
How do I change my preferences?
We understand that opinions may change over time. If you wish to update your consent preferences for any reason, simply fill out the following form. Your latest entry is the one that will count.
https://url.studsec.nl/member-consent
Other questions?
If you have any further questions, feel free to reach out to any member of the StudSec Board. We're here to help!