Embed Size (px)
DESCRIPTION
Citation preview
USU
Appropriate Use of Computing, Networking, and Information Resources
This policy is intended to be consistent with Utah State University’s established culture of academic freedom, intellectual curiosity, openness, and integrity by defining the requirements and limits of appropriate use of information technology resources and services including computers, digital networks, and information resources at Utah State University. These rules are in place to protect faculty, staff, students, and the University. Inappropriate use exposes Utah State University to risks including compromise of network systems and services, loss of confidential data, loss of the resource for legitimate use, and legal liability.
Computer Management
The intention of this policy is to decrease the availability of Utah State University’s computing resources to unauthorized outsiders. Computing resources and confidential data are sought by unauthorized outsiders for their own purposes, often at the expense of the University or the user of the computer. Proper management of computers reduces these risks of loss and the legal, financial, and personal consequences that may result.
Wireless Network Deployment & Access
Wireless network technologies play an increasingly important role at Utah State University. The purpose of this policy is to establish the intent, direction, and expectation with respect to the deployment (including installation, operation, and maintenance) of wireless technology at Utah State University. USU Information Technology (IT) is taking on the initiative to provide 100% wireless coverage for the institution.
Internal Bulk Email
The intention of this policy is to assign authority and responsibility for content and volume of internal bulk mail so that its use is: a) acceptable to the majority of recipients; b) protects the privacy of recipients; c) and is within the capacity of the systems that generate, transmit, and store the messages.
Banner Identification Number
It is the intention of this policy to recognize that Banner identification (ID) numbers will be treated as public identifiers, rather than Social Security Numbers, with appropriate office practices which recognize the non-confidential status of the Banner ID number.
Network Monitoring & Vulnerability Scanning Policy
Computers that are connected to the Utah State University Network are at risk of compromise resulting in unauthorized access to computing resources (processor power and storage space) and to confidential data (personal and financial) stored on or transmitted through the computer as part of university operations. This Policy defines a means by which vulnerable and/or compromised computers might be identified and isolated from the network pending correction of the problem.
Information Privacy
The objective of this policy is to provide assurance of Institutional respect for privacy of information placed by users on University computers and to define the circumstances and limits on exceptions to that privacy. Users are also cautioned about potential exposure of information and limited privacy on the Internet.
Institutional Email System
The intention of this policy is to collect all official and business communications of the university in one email system of record for security, audit ability, records management, document preservation, archiving and destruction, as appropriate.
UVU
Ethics in Computer Usage
Everyone within the UVU community who uses institution computing and communications facilities has the responsibility to use them in an ethical, professional and legal manner. This means that users agree to abide by the following conditions:
1. The integrity of the systems must be respected.2. Privacy of all users must not be intruded upon at any time.3. Users must recognize that certain data are confidential and must limit their access to such data to uses in
direct performance of their duties.4. The rules and regulations governing the use of facilities and equipment must be respected.5. No one shall obtain unauthorized access to other users' accounts and files.6. The intended use of all accounts, typically for institution scholarly work, instruction and administrative
purposes, must be respected.7. Users shall become familiar with and abide by the guidelines for appropriate usage for the systems and
networks that they access.
Academic Freedom and Information Access
UVU is a community of scholars in which the ideals of freedom of inquiry, freedom of thought, freedom of expression, and freedom of the individual are sustained. The commitment is also expressed in the Faculty Academic Freedom, Professional Responsibility and Tenure, which endorses the "Statement on Academic Freedom in the 1940 Statement of Principles of the American Association of University Professors (AAUP)." The institution's commitment parallels the national "Library Bill of Rights," which affirms the importance of making information and ideas available in an environment free from censorship. This policy statement on information access through computer networks compliments the institution's overall "Policy on Ethics in Computer Usage," which describes the responsibilities of the institution community to use computer resources in an ethical, professional and legal manner.
Institutional Data Management and Access
Information maintained by the institution is a vital asset that will be available to all employees who have a legitimate need for it, consistent with the institution's responsibility to preserve and protect such information by all appropriate means. The institution is the owner of all administrative data; individual units or departments may have stewardship responsibilities for portions of that data. The institution intends that the volume of freely accessible data be as great as possible, given limitations of budget. The value of data as an institutional resource is increased through its widespread and appropriate use; its value is diminished through misuse, misinterpretation, or unnecessary restrictions to its access. The institution expressly forbids the use of administrative data for anything but the conduct of institution business. Employees accessing data must observe requirements for
confidentiality and privacy, must comply with protection and control procedures, and must accurately present the data in any use. The institution determines levels of access to administrative data according to principles drawn from various sources. State and federal law provides clear description of some types of information to which access must be restricted. In an academic community, ethical considerations are another important factor in determining access to administrative data.
Monitoring and Review of Employee Electronic Communications or Files In compliance with federal law, UVU cannot guarantee privacy nor should a user have any expectation of privacy in any message, voice communication, file, image or data created, sent, retrieved or received by use of the institution's equipment and/or access. The institution reserves the right to monitor any and all aspects of its computer systems and to do so at any time, without notice, and without the user's permission.The institution holds as core values the principles of academic freedom and free expression. In consideration of these principles, the institution will not monitor the content of electronic communications of its employees in most instances, nor will it examine the content of employee electronic communications or other employee electronic files stored on its systems except under certain circumstances. In this context, "electronic communications" includes, but are not limited to, telephone communications, so-called "voice mail," e-mail, online chat, and computer files traversing the institution network or stored on institution equipment.
Responsibility for Security of Computing Devices Connected to the UVU Network The purpose of this policy is to clearly define requirements for owners and overseers of UVU network-connected devices to close security gaps. It also describes loss of network access for noncompliance, as well as an exception process.
Use of University Technology Equipment This policy describes the general guidelines for using institution information technology equipment.Private Sensitive Information Institutional information technology resources are at risk from potential threats such as human error, accident, system failures, natural disasters, and criminal or malicious action. The purpose of this policy is to secure the private sensitive information of faculty, staff, students, and others affiliated with the institution, and to prevent the loss of critical operational information.Processing and Control of Distributed Administrative Data
While most administrative data reside on hardware maintained by the Office of Information Technology (OIT) and are managed by the Data Management Group, some data reside in and are managed by other university departments. Given the critical nature of administrative data, it must be managed in a consistent, secure manner across the entire institution. The purpose of this document is, therefore, to define requirements that must be met by any and all departments that have or will have management responsibility for administrative data.
Retention of Electronic Files
The purpose of this policy is to establish rules and procedures for the retention of electronic documents, messages and files in accordance with state and federal law and the established practices of the university.
WSU
The purpose of the Information Security Policy is to:
Provide policy to secure High-Risk, Restricted and/or Confidential information of faculty, staff, students, and others affiliated with the University, and to prevent the loss of information that is critical to the operation of the University.
Provide reasonable and appropriate procedures to ensure the confidentiality, integrity and availability of the University’s Information Technology Resources.
Prescribe mechanisms which help identify and prevent the compromise of information security and the misuse of University data, applications, networks and computer systems.
Define mechanisms which protect the reputation of the University and allow the University to satisfy its legal and ethical responsibilities with regard to its networks’ and computer systems’ connectivity to networks outside the University.
Provide written guidelines and procedures to manage and control information considered to be High-Risk, Restricted and/or Confidential whether in electronic, paper or other forms.
Protect the integrity and validity of University data.
Ensure the Security and protection of High-Risk, Restricted and Confidential information in the University’s custody, whether in electronic, paper, or other forms.
Acceptable Use Policy
Weber State University provides students, faculty and staff with access to both an internal campus network and to the Internet. Such access, used appropriately, legitimately advances the mission of the university. But there is always the possibility for misuse. This Acceptable Use Policy provides guidelines for the use of network and computing resources that reflect the mission statement of the university, protects WSU community members and others from harm, and helps to preserve the availability of network resources for all WSU community members.
Network Security/Firewall Policy
Access to information available through the university’s network systems must be strictly controlled in accordance with approved network access control criteria, which are to be maintained and updated regularly.
Payment Card Handling Policy
The purpose of this policy is to protect payment card data and to comply with the Payment Card Industry's Data Security Standards (PCI DSS) requirements for transmitting, handling and storage of payment card data.
Throughout this policy the term payment card is used to refer to credit, debit and charge cards.
This Policy does not include information on Purchasing Cards. For information on Purchasing Cards (PCARDs) please refer to PPM 5-25i (documents.weber.edu/ppm/5-25i.htm).
University Telecommunications Services
To set forth general telephone policies of the University.
U of U
Data Management
1. Institutional Data is a valuable University asset. It is information about University constituencies students, faculty, staff, resources (funds, space, etc.) that is captured and used in the day-to-day services and operations of the University. It is used as the basis for administrative reports, both internal and external to the University. It enables administrators to assess the needs of the University community and modify services accordingly. It is vital not only in the day-to-day operations of the University, but to short and long-term planning as well.
2. The purpose of this policy is to protect this valuable asset, permit the sharing of it through accurate and consistent definitions, and provide a coordinated approach to its use and management. In all cases, applicable state and federal statutes and regulations that guarantee either protection or accessibility of institutional records take precedence over this policy.
Information Resources To outline the University's policies for students, faculty and staff concerning the use of the University's computing and communication facilities, including those dealing with voice, data, and video. This policy governs all activities involving the University's computing facilities and information resources, including electronically or magnetically stored information. Every user of these systems is required to know and follow this policy.
World Wide Web To outline the University's policy for students, faculty and staff concerning the use of the University's World Wide Web information resources.
IT Security
1. University Information Technology Resources are at risk from potential threats such as human error, accident, system failures, natural disasters, and criminal or malicious action.
2. The purpose of this policy is to secure the private sensitive information of faculty, staff, patients, students, and others affiliated with the University, and to prevent the loss of information that is critical to the operation of the University.
Use and Security of Property
To outline the university's policy toward the use of university property and the manner in which it should be safeguarded against possible loss or misuse.
