SlideShare una empresa de Scribd logo

USU-40Appropriate Use & Privacy of Computing Resources

Descargar como DOCX, PDF
Jacob Adams
Jacob Adams
1 de 6
USU Appropriate Use of Computing, Networking, and Information Resources This policy is intended to be consistent with Utah State University’s established culture of academic freedom, intellectual curiosity, openness, and integrity by defining the requirements and limits of appropriate use of information technology resources and services including computers, digital networks, and information resources at Utah State University. These rules are in place to protect faculty, staff, students, and the University. Inappropriate use exposes Utah State University to risks including compromise of network systems and services, loss of confidential data, loss of the resource for legitimate use, and legal liability. Computer Management The intention of this policy is to decrease the availability of Utah State University’s computing resources to unauthorized outsiders. Computing resources and confidential data are sought by unauthorized outsiders for their own purposes, often at the expense of the University or the user of the computer. Proper management of computers reduces these risks of loss and the legal, financial, and personal consequences that may result. Wireless Network Deployment & Access Wireless network technologies play an increasingly important role at Utah State University. The purpose of this policy is to establish the intent, direction, and expectation with respect to the deployment (including installation, operation, and maintenance) of wireless technology at Utah State University. USU Information Technology (IT) is taking on the initiative to provide 100% wireless coverage for the institution. Internal Bulk Email The intention of this policy is to assign authority and responsibility for content and volume of internal bulk mail so that its use is: a) acceptable to the majority of recipients; b) protects the privacy of recipients; c) and is within the capacity of the systems that generate, transmit, and store the messages. Banner Identification Number It is the intention of this policy to recognize that Banner identification (ID) numbers will be treated as public identifiers, rather than Social Security Numbers, with appropriate office practices which recognize the non- confidential status of the Banner ID number. Network Monitoring & Vulnerability Scanning Policy Computers that are connected to the Utah State University Network are at risk of compromise resulting in unauthorized access to computing resources (processor power and storage space) and to confidential data (personal and financial) stored on or transmitted through the computer as part of university operations. This Policy defines a means by which vulnerable and/or compromised computers might be identified and isolated from the network pending correction of the problem. Information Privacy
The objective of this policy is to provide assurance of Institutional respect for privacy of information placed by users on University computers and to define the circumstances and limits on exceptions to that privacy. Users are also cautioned about potential exposure of information and limited privacy on the Internet. Institutional Email System The intention of this policy is to collect all official and business communications of the university in one email system of record for security, audit ability, records management, document preservation, archiving and destruction, as appropriate. UVU Ethics in Computer Usage Everyone within the UVU community who uses institution computing and communications facilities has the responsibility to use them in an ethical, professional and legal manner. This means that users agree to abide by the following conditions: 1. The integrity of the systems must be respected. 2. Privacy of all users must not be intruded upon at any time. 3. Users must recognize that certain data are confidential and must limit their access to such data to uses in direct performance of their duties. 4. The rules and regulations governing the use of facilities and equipment must be respected. 5. No one shall obtain unauthorized access to other users' accounts and files. 6. The intended use of all accounts, typically for institution scholarly work, instruction and administrative purposes, must be respected. 7. Users shall become familiar with and abide by the guidelines for appropriate usage for the systems and networks that they access. Academic Freedom and Information Access UVU is a community of scholars in which the ideals of freedom of inquiry, freedom of thought, freedom of expression, and freedom of the individual are sustained. The commitment is also expressed in the Faculty Academic Freedom, Professional Responsibility and Tenure, which endorses the "Statement on Academic Freedom in the 1940 Statement of Principles of the American Association of University Professors (AAUP)." The institution's commitment parallels the national "Library Bill of Rights," which affirms the importance of making information and ideas available in an environment free from censorship. This policy statement on information access through computer networks compliments the institution's overall "Policy on Ethics in Computer Usage," which describes the responsibilities of the institution community to use computer resources in an ethical, professional and legal manner. Institutional Data Management and Access Information maintained by the institution is a vital asset that will be available to all employees who have a legitimate need for it, consistent with the institution's responsibility to preserve and protect such information by all appropriate means. The institution is the owner of all administrative data; individual units or departments may have stewardship responsibilities for portions of that data. The institution intends that the volume of freely accessible data be as great as possible, given limitations of budget. The value of data as an institutional resource is increased through its widespread and appropriate use; its value is diminished through misuse, misinterpretation, or unnecessary restrictions to its access. The institution expressly forbids the use of administrative data for anything but the conduct of institution business. Employees accessing data must observe requirements for
confidentiality and privacy, must comply with protection and control procedures, and must accurately present the data in any use. The institution determines levels of access to administrative data according to principles drawn from various sources. State and federal law provides clear description of some types of information to which access must be restricted. In an academic community, ethical considerations are another important factor in determining access to administrative data. Monitoring and Review of Employee Electronic Communications or Files In compliance with federal law, UVU cannot guarantee privacy nor should a user have any expectation of privacy in any message, voice communication, file, image or data created, sent, retrieved or received by use of the institution's equipment and/or access. The institution reserves the right to monitor any and all aspects of its computer systems and to do so at any time, without notice, and without the user's permission. The institution holds as core values the principles of academic freedom and free expression. In consideration of these principles, the institution will not monitor the content of electronic communications of its employees in most instances, nor will it examine the content of employee electronic communications or other employee electronic files stored on its systems except under certain circumstances. In this context, "electronic communications" includes, but are not limited to, telephone communications, so-called "voice mail," e-mail, online chat, and computer files traversing the institution network or stored on institution equipment. Responsibility for Security of Computing Devices Connected to the UVU Network The purpose of this policy is to clearly define requirements for owners and overseers of UVU network- connected devices to close security gaps. It also describes loss of network access for noncompliance, as well as an exception process. Use of University Technology Equipment This policy describes the general guidelines for using institution information technology equipment. Private Sensitive Information Institutional information technology resources are at risk from potential threats such as human error, accident, system failures, natural disasters, and criminal or malicious action. The purpose of this policy is to secure the private sensitive information of faculty, staff, students, and others affiliated with the institution, and to prevent the loss of critical operational information. Processing and Control of Distributed Administrative Data While most administrative data reside on hardware maintained by the Office of Information Technology (OIT) and are managed by the Data Management Group, some data reside in and are managed by other university departments. Given the critical nature of administrative data, it must be managed in a consistent, secure manner across the entire institution. The purpose of this document is, therefore, to define requirements that must be met by any and all departments that have or will have management responsibility for administrative data. Retention of Electronic Files The purpose of this policy is to establish rules and procedures for the retention of electronic documents, messages and files in accordance with state and federal law and the established practices of the university. WSU
The purpose of the Information Security Policy is to: Provide policy to secure High-Risk, Restricted and/or Confidential information of faculty, staff, students, and others affiliated with the University, and to prevent the loss of information that is critical to the operation of the University. Provide reasonable and appropriate procedures to ensure the confidentiality, integrity and availability of the University’s Information Technology Resources. Prescribe mechanisms which help identify and prevent the compromise of information security and the misuse of University data, applications, networks and computer systems. Define mechanisms which protect the reputation of the University and allow the University to satisfy its legal and ethical responsibilities with regard to its networks’ and computer systems’ connectivity to networks outside the University. Provide written guidelines and procedures to manage and control information considered to be High-Risk, Restricted and/or Confidential whether in electronic, paper or other forms. Protect the integrity and validity of University data. Ensure the Security and protection of High-Risk, Restricted and Confidential information in the University’s custody, whether in electronic, paper, or other forms. Acceptable Use Policy Weber State University provides students, faculty and staff with access to both an internal campus network and to the Internet. Such access, used appropriately, legitimately advances the mission of the university. But there is always the possibility for misuse. This Acceptable Use Policy provides guidelines for the use of network and computing resources that reflect the mission statement of the university, protects WSU community members and others from harm, and helps to preserve the availability of network resources for all WSU community members. Network Security/Firewall Policy Access to information available through the university’s network systems must be strictly controlled in accordance with approved network access control criteria, which are to be maintained and updated regularly. Payment Card Handling Policy
The purpose of this policy is to protect payment card data and to comply with the Payment Card Industry's Data Security Standards (PCI DSS) requirements for transmitting, handling and storage of payment card data. Throughout this policy the term payment card is used to refer to credit, debit and charge cards. This Policy does not include information on Purchasing Cards. For information on Purchasing Cards (PCARDs) please refer to PPM 5-25i (documents.weber.edu/ppm/5- 25i.htm). University Telecommunications Services To set forth general telephone policies of the University. U of U Data Management 1. Institutional Data is a valuable University asset. It is information about University constituencies students, faculty, staff, resources (funds, space, etc.) that is captured and used in the day-to-day services and operations of the University. It is used as the basis for administrative reports, both internal and external to the University. It enables administrators to assess the needs of the University community and modify services accordingly. It is vital not only in the day-to-day operations of the University, but to short and long-term planning as well. 2. The purpose of this policy is to protect this valuable asset, permit the sharing of it through accurate and consistent definitions, and provide a coordinated approach to its use and management. In all cases, applicable state and federal statutes and regulations that guarantee either protection or accessibility of institutional records take precedence over this policy. Information Resources To outline the University's policies for students, faculty and staff concerning the use of the University's computing and communication facilities, including those dealing with voice, data, and video. This policy governs all activities involving the University's computing facilities and information resources, including electronically or magnetically stored information. Every user of these systems is required to know and follow this policy. World Wide Web To outline the University's policy for students, faculty and staff concerning the use of the University's World Wide Web information resources.
IT Security 1. University Information Technology Resources are at risk from potential threats such as human error, accident, system failures, natural disasters, and criminal or malicious action. 2. The purpose of this policy is to secure the private sensitive information of faculty, staff, patients, students, and others affiliated with the University, and to prevent the loss of information that is critical to the operation of the University. Use and Security of Property To outline the university's policy toward the use of university property and the manner in which it should be safeguarded against possible loss or misuse.

Recomendados

Data management and computer security business manual mainframe (nwrdc) sup...
Data management and computer security business manual mainframe (nwrdc) sup...Data management and computer security business manual mainframe (nwrdc) sup...
Data management and computer security business manual mainframe (nwrdc) sup...Krunal Solanki
 
Legal and ethical issues
Legal and ethical issuesLegal and ethical issues
Legal and ethical issuesrgermosen
 
Policy on ia 1st assignment
Policy on ia 1st assignmentPolicy on ia 1st assignment
Policy on ia 1st assignmentTimir Shah
 
Si pi, 02, kiki kusumayadi ahadiyat, hapzi ali, the application of data and i...
Si pi, 02, kiki kusumayadi ahadiyat, hapzi ali, the application of data and i...Si pi, 02, kiki kusumayadi ahadiyat, hapzi ali, the application of data and i...
Si pi, 02, kiki kusumayadi ahadiyat, hapzi ali, the application of data and i...kikiahadiyat
 
New teacher Technology Overview 2011
New teacher Technology Overview 2011New teacher Technology Overview 2011
New teacher Technology Overview 2011Dianne Krause
 
Health Information Privacy and Security
Health Information Privacy and SecurityHealth Information Privacy and Security
Health Information Privacy and SecurityNawanan Theera-Ampornpunt
 
Key findings from information security survey at higher education institution...
Key findings from information security survey at higher education institution...Key findings from information security survey at higher education institution...
Key findings from information security survey at higher education institution...MajedahAlkharji
 
University Mobile Enrollment System: A Nigeria Perspective
University Mobile Enrollment System: A Nigeria PerspectiveUniversity Mobile Enrollment System: A Nigeria Perspective
University Mobile Enrollment System: A Nigeria Perspectiveiosrjce
 

Recomendados

Data management and computer security business manual mainframe (nwrdc) sup...
Data management and computer security business manual mainframe (nwrdc) sup...Data management and computer security business manual mainframe (nwrdc) sup...
Data management and computer security business manual mainframe (nwrdc) sup...Krunal Solanki
 
Legal and ethical issues
Legal and ethical issuesLegal and ethical issues
Legal and ethical issuesrgermosen
 
Policy on ia 1st assignment
Policy on ia 1st assignmentPolicy on ia 1st assignment
Policy on ia 1st assignmentTimir Shah
 
Si pi, 02, kiki kusumayadi ahadiyat, hapzi ali, the application of data and i...
Si pi, 02, kiki kusumayadi ahadiyat, hapzi ali, the application of data and i...Si pi, 02, kiki kusumayadi ahadiyat, hapzi ali, the application of data and i...
Si pi, 02, kiki kusumayadi ahadiyat, hapzi ali, the application of data and i...kikiahadiyat
 
New teacher Technology Overview 2011
New teacher Technology Overview 2011New teacher Technology Overview 2011
New teacher Technology Overview 2011Dianne Krause
 
Health Information Privacy and Security
Health Information Privacy and SecurityHealth Information Privacy and Security
Health Information Privacy and SecurityNawanan Theera-Ampornpunt
 
Key findings from information security survey at higher education institution...
Key findings from information security survey at higher education institution...Key findings from information security survey at higher education institution...
Key findings from information security survey at higher education institution...MajedahAlkharji
 
University Mobile Enrollment System: A Nigeria Perspective
University Mobile Enrollment System: A Nigeria PerspectiveUniversity Mobile Enrollment System: A Nigeria Perspective
University Mobile Enrollment System: A Nigeria Perspectiveiosrjce
 
It seminar isr
It seminar isrIt seminar isr
It seminar isrASNA p.a
 
Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challengesLouie Medinaceli
 
Tech coderevised8 17-5
Tech coderevised8 17-5Tech coderevised8 17-5
Tech coderevised8 17-5juliamaguire29
 
Electronic Healthcare Record Security and Management in Healthcare Organizations
Electronic Healthcare Record Security and Management in Healthcare OrganizationsElectronic Healthcare Record Security and Management in Healthcare Organizations
Electronic Healthcare Record Security and Management in Healthcare Organizationsijtsrd
 
Invented jppss staffaupforetec630
Invented jppss staffaupforetec630Invented jppss staffaupforetec630
Invented jppss staffaupforetec630Paula Naugle
 
INFORMATION SECURITY SYNTHESIS IN ONLINE UNIVERSITIES
INFORMATION SECURITY SYNTHESIS IN ONLINE UNIVERSITIES INFORMATION SECURITY SYNTHESIS IN ONLINE UNIVERSITIES
INFORMATION SECURITY SYNTHESIS IN ONLINE UNIVERSITIES IJNSA Journal
 
11.21.10 inventedemployeeuseagreement
11.21.10 inventedemployeeuseagreement11.21.10 inventedemployeeuseagreement
11.21.10 inventedemployeeuseagreementPaula Naugle
 
Legal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informaticsLegal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informaticsAHMED ZINHOM
 
INFORMATION COMMUNICATION TECHNOLOGY I
INFORMATION COMMUNICATION TECHNOLOGY IINFORMATION COMMUNICATION TECHNOLOGY I
INFORMATION COMMUNICATION TECHNOLOGY IYekini Nureni
 
Guidelines in Oral Defense
Guidelines in Oral Defense Guidelines in Oral Defense
Guidelines in Oral Defense Angelito Pera
 
ELECTRONIC COURT CASE MANAGEMENT SYSTEM_Project
ELECTRONIC COURT CASE MANAGEMENT SYSTEM_ProjectELECTRONIC COURT CASE MANAGEMENT SYSTEM_Project
ELECTRONIC COURT CASE MANAGEMENT SYSTEM_ProjectLaud Randy Amofah
 
Security issues and framework of electronic medical record: A review
Security issues and framework of electronic medical record: A reviewSecurity issues and framework of electronic medical record: A review
Security issues and framework of electronic medical record: A reviewjournalBEEI
 
Acceptable use policy
Acceptable use policyAcceptable use policy
Acceptable use policygfair3
 
La1 Comp Ethic
La1 Comp EthicLa1 Comp Ethic
La1 Comp EthicCma Mohd
 
document
documentdocument
documentmelatimelor
 
Electronic Case Management System(eCMS) proposal
Electronic Case Management System(eCMS) proposalElectronic Case Management System(eCMS) proposal
Electronic Case Management System(eCMS) proposalLaud Randy Amofah
 
Standards to bachelor of arts and science degrees
Standards to bachelor of arts and science degreesStandards to bachelor of arts and science degrees
Standards to bachelor of arts and science degreesJacob Adams
 
Keynote speakerbio for cameron
Keynote speakerbio for cameronKeynote speakerbio for cameron
Keynote speakerbio for cameronJacob Adams
 
Letter of confirmation of policy conference
Letter of confirmation of policy conferenceLetter of confirmation of policy conference
Letter of confirmation of policy conferenceJacob Adams
 
Best practices in policy management conference agenda
Best practices in policy management conference agendaBest practices in policy management conference agenda
Best practices in policy management conference agendaJacob Adams
 
Strategic directions diagram
Strategic directions diagramStrategic directions diagram
Strategic directions diagramJacob Adams
 
Statement of leadership philosophy
Statement of leadership philosophyStatement of leadership philosophy
Statement of leadership philosophyJacob Adams
 

Más contenido relacionado

La actualidad más candente

It seminar isr
It seminar isrIt seminar isr
It seminar isrASNA p.a
 
Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challengesLouie Medinaceli
 
Tech coderevised8 17-5
Tech coderevised8 17-5Tech coderevised8 17-5
Tech coderevised8 17-5juliamaguire29
 
Electronic Healthcare Record Security and Management in Healthcare Organizations
Electronic Healthcare Record Security and Management in Healthcare OrganizationsElectronic Healthcare Record Security and Management in Healthcare Organizations
Electronic Healthcare Record Security and Management in Healthcare Organizationsijtsrd
 
Invented jppss staffaupforetec630
Invented jppss staffaupforetec630Invented jppss staffaupforetec630
Invented jppss staffaupforetec630Paula Naugle
 
INFORMATION SECURITY SYNTHESIS IN ONLINE UNIVERSITIES
INFORMATION SECURITY SYNTHESIS IN ONLINE UNIVERSITIES INFORMATION SECURITY SYNTHESIS IN ONLINE UNIVERSITIES
INFORMATION SECURITY SYNTHESIS IN ONLINE UNIVERSITIES IJNSA Journal
 
11.21.10 inventedemployeeuseagreement
11.21.10 inventedemployeeuseagreement11.21.10 inventedemployeeuseagreement
11.21.10 inventedemployeeuseagreementPaula Naugle
 
Legal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informaticsLegal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informaticsAHMED ZINHOM
 
INFORMATION COMMUNICATION TECHNOLOGY I
INFORMATION COMMUNICATION TECHNOLOGY IINFORMATION COMMUNICATION TECHNOLOGY I
INFORMATION COMMUNICATION TECHNOLOGY IYekini Nureni
 
Guidelines in Oral Defense
Guidelines in Oral Defense Guidelines in Oral Defense
Guidelines in Oral Defense Angelito Pera
 
ELECTRONIC COURT CASE MANAGEMENT SYSTEM_Project
ELECTRONIC COURT CASE MANAGEMENT SYSTEM_ProjectELECTRONIC COURT CASE MANAGEMENT SYSTEM_Project
ELECTRONIC COURT CASE MANAGEMENT SYSTEM_ProjectLaud Randy Amofah
 
Security issues and framework of electronic medical record: A review
Security issues and framework of electronic medical record: A reviewSecurity issues and framework of electronic medical record: A review
Security issues and framework of electronic medical record: A reviewjournalBEEI
 
Acceptable use policy
Acceptable use policyAcceptable use policy
Acceptable use policygfair3
 
La1 Comp Ethic
La1 Comp EthicLa1 Comp Ethic
La1 Comp EthicCma Mohd
 
Electronic Case Management System(eCMS) proposal
Electronic Case Management System(eCMS) proposalElectronic Case Management System(eCMS) proposal
Electronic Case Management System(eCMS) proposalLaud Randy Amofah
 

La actualidad más candente (16)

It seminar isr
It seminar isrIt seminar isr
It seminar isr
 
Security & ethical challenges
Security & ethical challengesSecurity & ethical challenges
Security & ethical challenges
 
Tech coderevised8 17-5
Tech coderevised8 17-5Tech coderevised8 17-5
Tech coderevised8 17-5
 
Electronic Healthcare Record Security and Management in Healthcare Organizations
Electronic Healthcare Record Security and Management in Healthcare OrganizationsElectronic Healthcare Record Security and Management in Healthcare Organizations
Electronic Healthcare Record Security and Management in Healthcare Organizations
 
Invented jppss staffaupforetec630
Invented jppss staffaupforetec630Invented jppss staffaupforetec630
Invented jppss staffaupforetec630
 
INFORMATION SECURITY SYNTHESIS IN ONLINE UNIVERSITIES
INFORMATION SECURITY SYNTHESIS IN ONLINE UNIVERSITIES INFORMATION SECURITY SYNTHESIS IN ONLINE UNIVERSITIES
INFORMATION SECURITY SYNTHESIS IN ONLINE UNIVERSITIES
 
11.21.10 inventedemployeeuseagreement
11.21.10 inventedemployeeuseagreement11.21.10 inventedemployeeuseagreement
11.21.10 inventedemployeeuseagreement
 
Legal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informaticsLegal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informatics
 
INFORMATION COMMUNICATION TECHNOLOGY I
INFORMATION COMMUNICATION TECHNOLOGY IINFORMATION COMMUNICATION TECHNOLOGY I
INFORMATION COMMUNICATION TECHNOLOGY I
 
Guidelines in Oral Defense
Guidelines in Oral Defense Guidelines in Oral Defense
Guidelines in Oral Defense
 
ELECTRONIC COURT CASE MANAGEMENT SYSTEM_Project
ELECTRONIC COURT CASE MANAGEMENT SYSTEM_ProjectELECTRONIC COURT CASE MANAGEMENT SYSTEM_Project
ELECTRONIC COURT CASE MANAGEMENT SYSTEM_Project
 
Security issues and framework of electronic medical record: A review
Security issues and framework of electronic medical record: A reviewSecurity issues and framework of electronic medical record: A review
Security issues and framework of electronic medical record: A review
 
Acceptable use policy
Acceptable use policyAcceptable use policy
Acceptable use policy
 
La1 Comp Ethic
La1 Comp EthicLa1 Comp Ethic
La1 Comp Ethic
 
document
documentdocument
document
 
Electronic Case Management System(eCMS) proposal
Electronic Case Management System(eCMS) proposalElectronic Case Management System(eCMS) proposal
Electronic Case Management System(eCMS) proposal
 

Destacado

Standards to bachelor of arts and science degrees
Standards to bachelor of arts and science degreesStandards to bachelor of arts and science degrees
Standards to bachelor of arts and science degreesJacob Adams
 
Keynote speakerbio for cameron
Keynote speakerbio for cameronKeynote speakerbio for cameron
Keynote speakerbio for cameronJacob Adams
 
Letter of confirmation of policy conference
Letter of confirmation of policy conferenceLetter of confirmation of policy conference
Letter of confirmation of policy conferenceJacob Adams
 
Best practices in policy management conference agenda
Best practices in policy management conference agendaBest practices in policy management conference agenda
Best practices in policy management conference agendaJacob Adams
 
Strategic directions diagram
Strategic directions diagramStrategic directions diagram
Strategic directions diagramJacob Adams
 
Statement of leadership philosophy
Statement of leadership philosophyStatement of leadership philosophy
Statement of leadership philosophyJacob Adams
 
Visual Design with Data
Visual Design with DataVisual Design with Data
Visual Design with DataSeth Familian
 
3 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 20173 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 2017Drift
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheLeslie Samuel
 

Destacado (9)

Standards to bachelor of arts and science degrees
Standards to bachelor of arts and science degreesStandards to bachelor of arts and science degrees
Standards to bachelor of arts and science degrees
 
Keynote speakerbio for cameron
Keynote speakerbio for cameronKeynote speakerbio for cameron
Keynote speakerbio for cameron
 
Letter of confirmation of policy conference
Letter of confirmation of policy conferenceLetter of confirmation of policy conference
Letter of confirmation of policy conference
 
Best practices in policy management conference agenda
Best practices in policy management conference agendaBest practices in policy management conference agenda
Best practices in policy management conference agenda
 
Strategic directions diagram
Strategic directions diagramStrategic directions diagram
Strategic directions diagram
 
Statement of leadership philosophy
Statement of leadership philosophyStatement of leadership philosophy
Statement of leadership philosophy
 
Visual Design with Data
Visual Design with DataVisual Design with Data
Visual Design with Data
 
3 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 20173 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 2017
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your Niche
 

Similar a USU-40Appropriate Use & Privacy of Computing Resources

3202020 Originality Reporthttpsucumberlands.blackboar.docx
3202020 Originality Reporthttpsucumberlands.blackboar.docx3202020 Originality Reporthttpsucumberlands.blackboar.docx
3202020 Originality Reporthttpsucumberlands.blackboar.docxBHANU281672
 
3202020 Originality Reporthttpsucumberlands.blackboar.docx
3202020 Originality Reporthttpsucumberlands.blackboar.docx3202020 Originality Reporthttpsucumberlands.blackboar.docx
3202020 Originality Reporthttpsucumberlands.blackboar.docxlorainedeserre
 
Security Standards, Policies, and Procedures Manual TemplateInstru.docx
Security Standards, Policies, and Procedures Manual TemplateInstru.docxSecurity Standards, Policies, and Procedures Manual TemplateInstru.docx
Security Standards, Policies, and Procedures Manual TemplateInstru.docxjeffreye3
 
University Personal Devices (BYOD) Policy
University Personal Devices (BYOD) PolicyUniversity Personal Devices (BYOD) Policy
University Personal Devices (BYOD) Policykeyashaj
 
GUL Network Infrastructure
GUL Network InfrastructureGUL Network Infrastructure
GUL Network InfrastructureMuhammad Zeeshan
 
Access control policy
Access control policyAccess control policy
Access control policyBsmah Fahad
 
Cyber_Security_Policy
Cyber_Security_PolicyCyber_Security_Policy
Cyber_Security_PolicyMrinal Dutta
 
Protection and defense against sensitive data leakage problem within organiza...
Protection and defense against sensitive data leakage problem within organiza...Protection and defense against sensitive data leakage problem within organiza...
Protection and defense against sensitive data leakage problem within organiza...Alexander Decker
 
Protection and defense against sensitive data leakage problem within organiza...
Protection and defense against sensitive data leakage problem within organiza...Protection and defense against sensitive data leakage problem within organiza...
Protection and defense against sensitive data leakage problem within organiza...Alexander Decker
 
FEDERAL LEARNING BASED SOLUTIONS FOR PRIVACY AND ANONYMITY IN INTERNET OF MED...
FEDERAL LEARNING BASED SOLUTIONS FOR PRIVACY AND ANONYMITY IN INTERNET OF MED...FEDERAL LEARNING BASED SOLUTIONS FOR PRIVACY AND ANONYMITY IN INTERNET OF MED...
FEDERAL LEARNING BASED SOLUTIONS FOR PRIVACY AND ANONYMITY IN INTERNET OF MED...IRJET Journal
 
Medical facility network design
Medical facility network designMedical facility network design
Medical facility network designnephtalie
 
It school policy
It school policyIt school policy
It school policyRach Stiell
 
Jisc RSC Eastern Technical Managers forum June 2013 'BYOD Tech Managers forum'
Jisc RSC Eastern Technical Managers forum June 2013 'BYOD Tech Managers forum'Jisc RSC Eastern Technical Managers forum June 2013 'BYOD Tech Managers forum'
Jisc RSC Eastern Technical Managers forum June 2013 'BYOD Tech Managers forum'JISC RSC Eastern
 
Database Security—Concepts,Approaches, and ChallengesElisa
Database Security—Concepts,Approaches, and ChallengesElisaDatabase Security—Concepts,Approaches, and ChallengesElisa
Database Security—Concepts,Approaches, and ChallengesElisaOllieShoresna
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
Case study 2 policy tech class-1
Case study 2 policy tech class-1Case study 2 policy tech class-1
Case study 2 policy tech class-1DMHS
 

Similar a USU-40Appropriate Use & Privacy of Computing Resources (20)

Security Plan
Security PlanSecurity Plan
Security Plan
 
3202020 Originality Reporthttpsucumberlands.blackboar.docx
3202020 Originality Reporthttpsucumberlands.blackboar.docx3202020 Originality Reporthttpsucumberlands.blackboar.docx
3202020 Originality Reporthttpsucumberlands.blackboar.docx
 
3202020 Originality Reporthttpsucumberlands.blackboar.docx
3202020 Originality Reporthttpsucumberlands.blackboar.docx3202020 Originality Reporthttpsucumberlands.blackboar.docx
3202020 Originality Reporthttpsucumberlands.blackboar.docx
 
Security Standards, Policies, and Procedures Manual TemplateInstru.docx
Security Standards, Policies, and Procedures Manual TemplateInstru.docxSecurity Standards, Policies, and Procedures Manual TemplateInstru.docx
Security Standards, Policies, and Procedures Manual TemplateInstru.docx
 
Tl vi a
Tl vi aTl vi a
Tl vi a
 
University Personal Devices (BYOD) Policy
University Personal Devices (BYOD) PolicyUniversity Personal Devices (BYOD) Policy
University Personal Devices (BYOD) Policy
 
GUL Network Infrastructure
GUL Network InfrastructureGUL Network Infrastructure
GUL Network Infrastructure
 
Data Security
Data SecurityData Security
Data Security
 
Access control policy
Access control policyAccess control policy
Access control policy
 
Cyber_Security_Policy
Cyber_Security_PolicyCyber_Security_Policy
Cyber_Security_Policy
 
Protection and defense against sensitive data leakage problem within organiza...
Protection and defense against sensitive data leakage problem within organiza...Protection and defense against sensitive data leakage problem within organiza...
Protection and defense against sensitive data leakage problem within organiza...
 
Protection and defense against sensitive data leakage problem within organiza...
Protection and defense against sensitive data leakage problem within organiza...Protection and defense against sensitive data leakage problem within organiza...
Protection and defense against sensitive data leakage problem within organiza...
 
FEDERAL LEARNING BASED SOLUTIONS FOR PRIVACY AND ANONYMITY IN INTERNET OF MED...
FEDERAL LEARNING BASED SOLUTIONS FOR PRIVACY AND ANONYMITY IN INTERNET OF MED...FEDERAL LEARNING BASED SOLUTIONS FOR PRIVACY AND ANONYMITY IN INTERNET OF MED...
FEDERAL LEARNING BASED SOLUTIONS FOR PRIVACY AND ANONYMITY IN INTERNET OF MED...
 
Medical facility network design
Medical facility network designMedical facility network design
Medical facility network design
 
It school policy
It school policyIt school policy
It school policy
 
Jisc RSC Eastern Technical Managers forum June 2013 'BYOD Tech Managers forum'
Jisc RSC Eastern Technical Managers forum June 2013 'BYOD Tech Managers forum'Jisc RSC Eastern Technical Managers forum June 2013 'BYOD Tech Managers forum'
Jisc RSC Eastern Technical Managers forum June 2013 'BYOD Tech Managers forum'
 
Database Security—Concepts,Approaches, and ChallengesElisa
Database Security—Concepts,Approaches, and ChallengesElisaDatabase Security—Concepts,Approaches, and ChallengesElisa
Database Security—Concepts,Approaches, and ChallengesElisa
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
 
Ethiopia reba paper
Ethiopia reba paperEthiopia reba paper
Ethiopia reba paper
 
Case study 2 policy tech class-1
Case study 2 policy tech class-1Case study 2 policy tech class-1
Case study 2 policy tech class-1
 

USU-40Appropriate Use & Privacy of Computing Resources

  • 1. USU Appropriate Use of Computing, Networking, and Information Resources This policy is intended to be consistent with Utah State University’s established culture of academic freedom, intellectual curiosity, openness, and integrity by defining the requirements and limits of appropriate use of information technology resources and services including computers, digital networks, and information resources at Utah State University. These rules are in place to protect faculty, staff, students, and the University. Inappropriate use exposes Utah State University to risks including compromise of network systems and services, loss of confidential data, loss of the resource for legitimate use, and legal liability. Computer Management The intention of this policy is to decrease the availability of Utah State University’s computing resources to unauthorized outsiders. Computing resources and confidential data are sought by unauthorized outsiders for their own purposes, often at the expense of the University or the user of the computer. Proper management of computers reduces these risks of loss and the legal, financial, and personal consequences that may result. Wireless Network Deployment & Access Wireless network technologies play an increasingly important role at Utah State University. The purpose of this policy is to establish the intent, direction, and expectation with respect to the deployment (including installation, operation, and maintenance) of wireless technology at Utah State University. USU Information Technology (IT) is taking on the initiative to provide 100% wireless coverage for the institution. Internal Bulk Email The intention of this policy is to assign authority and responsibility for content and volume of internal bulk mail so that its use is: a) acceptable to the majority of recipients; b) protects the privacy of recipients; c) and is within the capacity of the systems that generate, transmit, and store the messages. Banner Identification Number It is the intention of this policy to recognize that Banner identification (ID) numbers will be treated as public identifiers, rather than Social Security Numbers, with appropriate office practices which recognize the non- confidential status of the Banner ID number. Network Monitoring & Vulnerability Scanning Policy Computers that are connected to the Utah State University Network are at risk of compromise resulting in unauthorized access to computing resources (processor power and storage space) and to confidential data (personal and financial) stored on or transmitted through the computer as part of university operations. This Policy defines a means by which vulnerable and/or compromised computers might be identified and isolated from the network pending correction of the problem. Information Privacy
  • 2. The objective of this policy is to provide assurance of Institutional respect for privacy of information placed by users on University computers and to define the circumstances and limits on exceptions to that privacy. Users are also cautioned about potential exposure of information and limited privacy on the Internet. Institutional Email System The intention of this policy is to collect all official and business communications of the university in one email system of record for security, audit ability, records management, document preservation, archiving and destruction, as appropriate. UVU Ethics in Computer Usage Everyone within the UVU community who uses institution computing and communications facilities has the responsibility to use them in an ethical, professional and legal manner. This means that users agree to abide by the following conditions: 1. The integrity of the systems must be respected. 2. Privacy of all users must not be intruded upon at any time. 3. Users must recognize that certain data are confidential and must limit their access to such data to uses in direct performance of their duties. 4. The rules and regulations governing the use of facilities and equipment must be respected. 5. No one shall obtain unauthorized access to other users' accounts and files. 6. The intended use of all accounts, typically for institution scholarly work, instruction and administrative purposes, must be respected. 7. Users shall become familiar with and abide by the guidelines for appropriate usage for the systems and networks that they access. Academic Freedom and Information Access UVU is a community of scholars in which the ideals of freedom of inquiry, freedom of thought, freedom of expression, and freedom of the individual are sustained. The commitment is also expressed in the Faculty Academic Freedom, Professional Responsibility and Tenure, which endorses the "Statement on Academic Freedom in the 1940 Statement of Principles of the American Association of University Professors (AAUP)." The institution's commitment parallels the national "Library Bill of Rights," which affirms the importance of making information and ideas available in an environment free from censorship. This policy statement on information access through computer networks compliments the institution's overall "Policy on Ethics in Computer Usage," which describes the responsibilities of the institution community to use computer resources in an ethical, professional and legal manner. Institutional Data Management and Access Information maintained by the institution is a vital asset that will be available to all employees who have a legitimate need for it, consistent with the institution's responsibility to preserve and protect such information by all appropriate means. The institution is the owner of all administrative data; individual units or departments may have stewardship responsibilities for portions of that data. The institution intends that the volume of freely accessible data be as great as possible, given limitations of budget. The value of data as an institutional resource is increased through its widespread and appropriate use; its value is diminished through misuse, misinterpretation, or unnecessary restrictions to its access. The institution expressly forbids the use of administrative data for anything but the conduct of institution business. Employees accessing data must observe requirements for
  • 3. confidentiality and privacy, must comply with protection and control procedures, and must accurately present the data in any use. The institution determines levels of access to administrative data according to principles drawn from various sources. State and federal law provides clear description of some types of information to which access must be restricted. In an academic community, ethical considerations are another important factor in determining access to administrative data. Monitoring and Review of Employee Electronic Communications or Files In compliance with federal law, UVU cannot guarantee privacy nor should a user have any expectation of privacy in any message, voice communication, file, image or data created, sent, retrieved or received by use of the institution's equipment and/or access. The institution reserves the right to monitor any and all aspects of its computer systems and to do so at any time, without notice, and without the user's permission. The institution holds as core values the principles of academic freedom and free expression. In consideration of these principles, the institution will not monitor the content of electronic communications of its employees in most instances, nor will it examine the content of employee electronic communications or other employee electronic files stored on its systems except under certain circumstances. In this context, "electronic communications" includes, but are not limited to, telephone communications, so-called "voice mail," e-mail, online chat, and computer files traversing the institution network or stored on institution equipment. Responsibility for Security of Computing Devices Connected to the UVU Network The purpose of this policy is to clearly define requirements for owners and overseers of UVU network- connected devices to close security gaps. It also describes loss of network access for noncompliance, as well as an exception process. Use of University Technology Equipment This policy describes the general guidelines for using institution information technology equipment. Private Sensitive Information Institutional information technology resources are at risk from potential threats such as human error, accident, system failures, natural disasters, and criminal or malicious action. The purpose of this policy is to secure the private sensitive information of faculty, staff, students, and others affiliated with the institution, and to prevent the loss of critical operational information. Processing and Control of Distributed Administrative Data While most administrative data reside on hardware maintained by the Office of Information Technology (OIT) and are managed by the Data Management Group, some data reside in and are managed by other university departments. Given the critical nature of administrative data, it must be managed in a consistent, secure manner across the entire institution. The purpose of this document is, therefore, to define requirements that must be met by any and all departments that have or will have management responsibility for administrative data. Retention of Electronic Files The purpose of this policy is to establish rules and procedures for the retention of electronic documents, messages and files in accordance with state and federal law and the established practices of the university. WSU
  • 4. The purpose of the Information Security Policy is to: Provide policy to secure High-Risk, Restricted and/or Confidential information of faculty, staff, students, and others affiliated with the University, and to prevent the loss of information that is critical to the operation of the University. Provide reasonable and appropriate procedures to ensure the confidentiality, integrity and availability of the University’s Information Technology Resources. Prescribe mechanisms which help identify and prevent the compromise of information security and the misuse of University data, applications, networks and computer systems. Define mechanisms which protect the reputation of the University and allow the University to satisfy its legal and ethical responsibilities with regard to its networks’ and computer systems’ connectivity to networks outside the University. Provide written guidelines and procedures to manage and control information considered to be High-Risk, Restricted and/or Confidential whether in electronic, paper or other forms. Protect the integrity and validity of University data. Ensure the Security and protection of High-Risk, Restricted and Confidential information in the University’s custody, whether in electronic, paper, or other forms. Acceptable Use Policy Weber State University provides students, faculty and staff with access to both an internal campus network and to the Internet. Such access, used appropriately, legitimately advances the mission of the university. But there is always the possibility for misuse. This Acceptable Use Policy provides guidelines for the use of network and computing resources that reflect the mission statement of the university, protects WSU community members and others from harm, and helps to preserve the availability of network resources for all WSU community members. Network Security/Firewall Policy Access to information available through the university’s network systems must be strictly controlled in accordance with approved network access control criteria, which are to be maintained and updated regularly. Payment Card Handling Policy
  • 5. The purpose of this policy is to protect payment card data and to comply with the Payment Card Industry's Data Security Standards (PCI DSS) requirements for transmitting, handling and storage of payment card data. Throughout this policy the term payment card is used to refer to credit, debit and charge cards. This Policy does not include information on Purchasing Cards. For information on Purchasing Cards (PCARDs) please refer to PPM 5-25i (documents.weber.edu/ppm/5- 25i.htm). University Telecommunications Services To set forth general telephone policies of the University. U of U Data Management 1. Institutional Data is a valuable University asset. It is information about University constituencies students, faculty, staff, resources (funds, space, etc.) that is captured and used in the day-to-day services and operations of the University. It is used as the basis for administrative reports, both internal and external to the University. It enables administrators to assess the needs of the University community and modify services accordingly. It is vital not only in the day-to-day operations of the University, but to short and long-term planning as well. 2. The purpose of this policy is to protect this valuable asset, permit the sharing of it through accurate and consistent definitions, and provide a coordinated approach to its use and management. In all cases, applicable state and federal statutes and regulations that guarantee either protection or accessibility of institutional records take precedence over this policy. Information Resources To outline the University's policies for students, faculty and staff concerning the use of the University's computing and communication facilities, including those dealing with voice, data, and video. This policy governs all activities involving the University's computing facilities and information resources, including electronically or magnetically stored information. Every user of these systems is required to know and follow this policy. World Wide Web To outline the University's policy for students, faculty and staff concerning the use of the University's World Wide Web information resources.
  • 6. IT Security 1. University Information Technology Resources are at risk from potential threats such as human error, accident, system failures, natural disasters, and criminal or malicious action. 2. The purpose of this policy is to secure the private sensitive information of faculty, staff, patients, students, and others affiliated with the University, and to prevent the loss of information that is critical to the operation of the University. Use and Security of Property To outline the university's policy toward the use of university property and the manner in which it should be safeguarded against possible loss or misuse.