Acceptable Use of Computing and Electronic Resources Policy: Difference between revisions
imported>Deaskc |
imported>Deaskc |
||
Line 11: | Line 11: | ||
== Definitions == | == Definitions == | ||
=== Administrative Control === | |||
: protecting an information system through policy, procedure, training, directives from an authority, or similar efforts that instruct and require individuals to take corrective actions. | |||
=== | === Authorized Personnel === | ||
: | :an employee with assigned responsibilities to support Information Resources, or approved by the Office of General Counsel, Director of Human Resources or the Chief Information Officer or designee(s) to perform a specific duty or duties in regards to Information Resources. | ||
=== | === Information Resources === | ||
: | :information owned or possessed by the University, or related to the business of the University, regardless of form or location, and the hardware and software resources used to electronically store, process, or transmit that information. | ||
=== | === Information Technology === | ||
: | :hardware and software resources owned, leased, or used by the University and its partners to store, process or transmit University information. Information technology is a subset of the University’s Information Resources. | ||
=== | === ITS === | ||
: | :the University’s Office of Information Technology Services. | ||
=== | === IT Infrastructure === | ||
: | :the system of enterprise hardware, software, networks, facilities, and service components used to develop, test, operate, monitor, manage, and/or support information technology services. | ||
=== University === | |||
:Appalachian State University. | |||
=== User === | |||
:a person who uses Information Resources. | |||
== Policy and Procedure Statements == | == Policy and Procedure Statements == |
Revision as of 19:56, 6 May 2019
Policy 901
Introduction
1.1. The purpose of this policy is to outline the acceptable uses and specific prohibitions that are inherent to the access and use of Information Technology and Information Resources owned or provided by Appalachian State University (hereinafter “the University”).
1.2. Individuals subject to this policy are responsible for exercising reasonable good judgment with respect to specific expectations regarding the use of Information Resources. Each user is expected to understand that Information Technology represents a shared service with finite resources. Users should exercise reasonable efforts to avoid impacting others’ efficient use of Information Technology and Resources.
Scope
Individuals Covered by this Policy
This policy applies to all users of Information Resources owned or provided by the University, including: 1) devices provided by the University, 2) services provided by the University, or 3) data that belongs to the University regardless of the location. This applies to any cloud services employed to conduct University business or provide University services.
Definitions
Administrative Control
- protecting an information system through policy, procedure, training, directives from an authority, or similar efforts that instruct and require individuals to take corrective actions.
Authorized Personnel
- an employee with assigned responsibilities to support Information Resources, or approved by the Office of General Counsel, Director of Human Resources or the Chief Information Officer or designee(s) to perform a specific duty or duties in regards to Information Resources.
Information Resources
- information owned or possessed by the University, or related to the business of the University, regardless of form or location, and the hardware and software resources used to electronically store, process, or transmit that information.
Information Technology
- hardware and software resources owned, leased, or used by the University and its partners to store, process or transmit University information. Information technology is a subset of the University’s Information Resources.
ITS
- the University’s Office of Information Technology Services.
IT Infrastructure
- the system of enterprise hardware, software, networks, facilities, and service components used to develop, test, operate, monitor, manage, and/or support information technology services.
University
- Appalachian State University.
User
- a person who uses Information Resources.
Policy and Procedure Statements
Common Forms of Computer Abuse
4.1.1 Misuse or abuse of computers, computer systems, computer networks or any other electronic communication technologies is prohibited. The following topics are considered areas of abuse:
- Privacy vs Open Records. Investigating or reading another user's files is considered the same as reading papers on someone's desk - a violation of their privacy. Reading protected files, by whatever mechanism, is considered the same as "breaking and entering." Violations include, but are not limited to:
- attempting to access another user's computer files without permission;
- supplying or attempting to supply false or misleading information or identification in order to access another user's account;
- deliberate, unauthorized attempts to access or use University computers, computer facilities, networks, systems, programs or data;
- the unauthorized manipulation of Appalachian's computer systems, programs or data.
- the unauthorized capturing of computer network data directly from network backbone or local area networking media.
- Use of electronic communication technologies to engage in harassment as defined by Appalachian Policy 110.
- Theft includes the stealing of any property of the Institution, or State of North Carolina. Violations include, but are not limited to:
- using subterfuge to avoid being charged for the use of computer resources;
- deliberate, unauthorized use of another user's account to avoid being billed for the computer usage;
- abusing specific computer resources, such the INTERNET or the World Wide Web (as described in other publications);
- attempting unauthorized access to computers outside the University using the University's computers or communications facilities;
- removing any computer equipment (hardware, software, data, etc.) without written authorization;
- copying, or attempting to copy, data or software without proper authorization.
- Vandalism - Any user's account, as well as the operating system itself, is a possible target for vandalism. Attempted or detected alteration of user system software, data or other files, as well as equipment or resources disruption or destruction, is considered vandalism. Violations include, but are not limited to:
- sending either mail or a program which will replicate itself or do damage to another user's account;
- tampering with or obstructing the operation of the Universities' computer systems (for example, attempting to "crash" the system);
- inspecting, modifying, or distributing data or software without proper authorization or attempting to do so;
- attempting to interfere with the performance of the system;
- damaging computer hardware or software.
- Unauthorized Business Usage includes any use of university resources for promoting or conducting business for personal use. Violations include, but are not limited to:
- sending mass mailings
- using computer accounts for work not authorized for that account
- Copyright Issues - The University owns licenses to a number of proprietary programs. Users who redistribute software from the computing systems break agreements with its software suppliers, as well as applicable federal copyright, patent and trade secret laws. Therefore, the redistribution of any software from computing systems is strictly prohibited except in the case of software which is clearly marked as being in the public domain. Violations include, but are not limited to copying, transmitting, or disclosing data, software or documentation without proper authorization.
- Miscellaneous - Other uses commonly considered unethical, such as:
- unauthorized and time consuming recreational game playing;
- using computer accounts for work not authorized for that account;
- sending chain letters or unauthorized mass mailings;
- using the computer for any illegal purposes;
Computer Usage Guidelines
- Users are to have valid, authorized accounts and may only use those computer resources which are specifically authorized. Users may only use their account in accordance with its authorized purpose. Users are responsible for safeguarding their own computer account. Users should not let another person use their account unless authorized by the system administrator for a specific purpose. Passwords should be changed often to ensure that private and secure files are kept secure.
- Users who choose to publish home pages on the World Wide Web must identify themselves as the author and provide a means to be contacted. In addition, they must include a disclaimer that the home page content reflects their own views and not necessarily that of the University. Furthermore, any pointers to other web resources must include, within the context of the pointer or its surrounding text, a clear indication as to what a browser will find when arriving at that resource.
- Users may not change, copy, delete, read or otherwise access files or software without permission of the custodian of the files or the system administrator. Users may not bypass accounting or security mechanisms to circumvent data protection schemes. Users may not attempt to modify software except when intended to be user customized.
- Users may neither prevent others from accessing the system nor unreasonably slow down the system by deliberately running wasteful jobs, playing games, engaging in non-productive or idle chatting, or sending mass mailings or chain letters.
- Users shall assume that any software they did not create is copyrighted. They may neither distribute copyrighted proprietary material without the written consent of the copyright holder nor violate copyright or patent laws concerning computer software, documentation or other tangible assets.
- Users must not use the computer systems to violate any University policies or any local, state or federal laws.
- A user shall disclose to the appropriate authorities misuses of computing resources or potential loopholes in computer systems security and cooperate with the systems administrator in the investigation of abuses. In connection with inquiries into possible abuses, the University reserves the right to examine files, programs, passwords, accounting information, printouts or other computing material without notice.
Penalties
4.3.1 Abuse or misuse of computing services may violate this policy or user responsibility, but it may also violate the criminal statutes. Therefore, the University will take appropriate action in response to user abuse or misuse of computing services. Action may include, but not necessarily be limited to:
- Suspension or revocation of computing privileges. Access to all computing facilities and systems can, may, or will be denied;
- Reimbursement to the University for resources consumed;
- Other legal action including action to recover damages;
- Referral to law enforcement authorities;
- Computer users (faculty, staff and/or students) will be referred to the appropriate office for disciplinary action.
Additional References
Authority
Contact Information
Original Effective Date
Revision Dates
- June 21, 2017