StudSec Policies & Information

Information regarding the operational policies of StudSec.

• Brand policy
• Reimbursements
• Brass richtlines

Brand policy

The StudSec brand policy aims to clearly position and visualize VU StudSec and its components in relation to other educational institutions at home and abroad. A strong brand ensures recognizability, reliability and a professional image. The StudSec brand policy was adopted by the first board on 4-6-2024 and voted in on 13-6-2024. The main principles of the StudSec brand policy are:

1. StudSec is associated with the VU

StudSec is at time of writing an association primarily by and for VU students, this should be reflected in the branding. Primarily through the use of simular colors. The VU's colors are:

Primary blue:

RGB: 000 119 179CMYK: 100% 30% 0% 0%RAL: 5015WEB: #0077b3

Secondary blue:

Tertiary blue:

RGB: 223 242 253CMYK: 15% 0% 0% 0%WEB: #dff2fd

The logo to be used for text is Press Start 2P https://fonts.google.com/specimen/Press+Start+2P

Note: to the best of our knowledge these colors are not trade marked, and should be free to directly copy. However, do not attempt to directly impersonate the VU. This guideline is meant for our logo's, websites and other branded items, which are still distinctly StudSec. Under no circumstances should there be confusion if a given item is part of StudSec or the VU.

2. StudSec uses a consistent logo

StudSec uses a consistent logo across all official branding, these are:

Online

• Github
• Instagram
• LinkedIn
• Discord
• Website
• pwncrates
• Twitter
• Wiki
• Discord OAuth
  • Wiki
  • StudBot
  • pwncrates

Physical

• Hoodies
• Stickers

3. StudSec events may use a custom logo

Large or joint events or projects may use a custom logo to underline its significance, this includes (but is not limited to) VU CTF & the roomba project. It is still recommended to keep the design affiliated with StudSec, be this through the use of the same design style, colors or by incorporating the StudSec logo within it.

Reimbursements

If you've made a purchase on behalf of or for the benefit of StudSec you can request a reimbursement. The process of which is outlined in this document.

Please double check with the treasurer before making any purchase for which you would like to be reimbursed. Not doing so means your reimbursement request will most likely be rejected

Requesting a reimbursement

To request a reimbursement fill in the Google form which can be found here with all required information, if you have any issue in this process please reach out to treasurer@studsec.nl.

Receipts/invoices

The reimbursement request is required to contain proof-of-purchase receipts that contain only StudSec purchases listed in the table above. If you are no longer able to produce a receipt only containing these items please contact the treasurer, if you have no receipt at all then we can unfortunately not reimburse you.

Brass richtlines

This document is still a work-in-progress, until this disclaimer is removed StudSec does not officially endorse, support or otherwise approve of brassing in the way this document outlines or otherwise.

Overview

'Brassing' is a traditional student activity in which items or (certain) people are stolen from their student association and ransomed bank with a letter (referred to as a 'bras brief'). This letter announces to the association what item or person was stolen, and lists the demands the association is deemed to meet in order for the return of the individual/item. The tradition of brassing has been established as a way to strengthen the bonds between sister associations (referred to as 'verbroedering'). 

The guidelines outlined in this document are not binding, but are setup to ensure brassing is considered a positive interaction for all parties involved. They are roughly based on existing guidelines, which can be found here.

It should be noted that these guidelines apply both to members of StudSec seeking to bras, as well as other associations seeking to bras from StudSec.

Rules

1. Firstly consider why you wish to bras and who. The goal of brassing is to strengthen existing bonds. These bonds may be because of an existing (friendly) rivalry between your association and StudSec, because of a shared location (the VU or Amsterdam) or because of existing friendships.
2. Brassing happens on the same level, this means that a dispuut or committee does not bras from a board or vice versa. A board may enlist the help of their association members when conducting an attempt at brassing but this action must be fully supported by initiating board. 
3. Ensure that everyone that will bear the consequences of your bras action is aware of this. This means that the board is not responsible for any bras action initiated by members unless they give prior approval. Similarly, if a board has conducted a bras they should inform their association of this.
4. Do not abuse sincere hospitality, if you are somewhere on invitation, or given digital access to a system for friendly reasons, do not use the opportunity to bras. Constitutie Borrels (COBO) and Dies/Lustrum Borrels are an exception to this.
5. Be aware that not all your demands may be met, in this case both parties should try to come to a friendly compromise.
   
6. Do not let the consequences of brassing continue after the demands have been met. Should any hard feelings remain after this make sure to voice these and take steps to ensure that it is resolved going forward. Brassing is meant to strengthen existing bonds, not damage them.
7. Brassing of objects
   1. Only association objects may be brassed. These are objects that belong to the association, have a high emotional or formal value but notably do not have a significant financial value.
   2. When an object is brassed responsibility must be claimed within 24 hours, this may be done by mail, phone call, video or other creative means.
   3. Do not lose or damage the brassed object. Should this happen make sure to communicate this to the association from which you brassed and seek a suitable solution together.
   4. It is permitted to modify or decorate the brassed object as you deem fit, do note that this may not be done in an irreversible way or a way in which the object my no longer be used for its origional function.
8. Brassing of individuals
   1. Only board members of StudSec may be brassed, this may only be done during a Cobo or Diebo. The board member should be able to continue in their function at the event after the brass attempt (success or failure).
   2. For brassing of members of other associations members of StudSec should check with the bras guidelines of their target association. 
9. Brassing of IT infrastructure
   1. Being a cyber security focused association, StudSec allows for and encourages the brassing of its IT infrastructure. However, to ensure GDPR and operational compliance there are some rules that should be adhered to. Note that these rules only apply to StudSec infrastructure, and may under no circumstances be used to justify attacking other infrastructure.
   2. Do not cause permanent damage, this includes the deletion of data (including the logs you might have generated getting access). A competent sysadmin should be able to revert your access within 15 minutes.
   3. Do not interfere with the functionality of the targeted systems, at no point should a system break or go offline due to your actions.
   4. Do not access or extract sensitive information, this includes:
      1. Any information related to StudSec members
      2. The database of ctf.studsec.nl or any other database that can reasonably be assumed to contain person-related information
      3. API keys or other credentials
   5. When defacing a website take care to not to ruin the image of StudSec, it should not discourage any potential members or sponsors from being interested in StudSec.
   6. Should any of the above accidentally happen please immediately take up contact with board@studsec.nl