ACCEPTABLE USE POLICY
Information Security's intention for publishing an Acceptable Use Policy is not to impose restrictions contrary to University of Southern Mississippi established culture of openness, trust, and integrity. Information Security is committed to protecting Southern Miss faculty, staff, students, and partners from illegal or damaging actions by individuals, either knowingly or unknowingly. Internet/Intranet/Extranet-related systems — including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing — are the property of Southern Miss. Effective security is a team effort requiring the participation and support of every Southern Miss employee and affiliate who deals with information and/or information systems. It is the responsibility of every computer user to know these guidelines, and to conduct their activities accordingly.
Reason for Policy/Purpose
This policy is required for the effective communication of university policy regarding the acceptable use of computer equipment at Southern Miss. These rules are in place to protect faculty, staff, students, and the University of Southern Mississippi. Inappropriate use exposes Southern Miss to risks including virus attacks, compromise of network systems and services, and legal issues.
Who Needs to Know This Policy
This policy applies to faculty, staff, students, contractors, consultants, temporaries, and other workers at Southern Miss, including all personnel affiliated with third parties. This policy applies to all equipment that is owned or leased by Southern Miss.
Website Address for this Policy
1.0 GENERAL USE AND OWNERSHIP
1.1.While Southern Miss's network administration desires to provide a reasonable level of integrity, users should be aware that the data/email they create/receive on university systems remain the property of Southern Miss and that no privacy can be expected while using these systems. Because of the need to protect the university's network, management cannot guarantee the confidentiality of information stored on any network device belonging to Southern Miss.
1.2 Faculty and staff are responsible for exercising good judgment regarding the reasonableness of personal use. Information Security recommends that any information which users consider sensitive or vulnerable be password protected.
1.3 For security and network maintenance purposes, authorized individuals within the Southern Miss iTech group may at any time analyze network utilization, traffic patterns and volumes related to Southern Miss systems/equipment and network.
1.4 Southern Miss' iTech Information Security Group reserves the right to audit networks and systems periodically to ensure compliance with this policy.
2.0 SECURED AND PROPRIETARY INFORMATION
(PII, FERPA, GLBA, SOX, federal/state regulated.)
2.1 Faculty and staff should take all necessary steps to prevent unauthorized access to this information.
2.2 Keep passwords secure and do not share accounts. Authorized users are responsible for the security of their passwords and accounts. System level passwords should be changed quarterly. User level passwords should be changed every 90 days.
2.3 All PCs, laptops and workstations should be secured with a password-protected screensaver with the automatic activation feature set at 10 minutes or less, or by logging-off (control-alt-delete for Win2K/XP users) when the system will be unattended.
2.4 Because information contained on portable computers is especially vulnerable, special care should be exercised to protect this data.
2.5 All Postings by employees from Southern Miss email addresses to newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of Southern Miss, unless posting is in the course of business duties.
2.6 All hosts used by the employee that are connected to the Southern Miss. Internet/Intranet/Extranet, whether owned by the employee or by Southern Miss, shall be continuously execute approved virus-scanning software (http://eduprod.usm.edu/ infosec/antivirus.php) with a current virus database.
2.7 Employees must use extreme caution when opening email attachments received from unknown senders, which may contain viruses, email bombs, or Trojan horse code.
3.0 UNACCEPTABLE USE
The following activities are, in general, prohibited. Employees may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g., systems administration staff may have a need to disable the network access of a host if that host is disrupting production services). Under no circumstances are faculty, staff, and students of Southern Miss authorized to engage in any activity that is illegal under local, state, federal, or international law while utilizing Southern Miss-owned resources. The lists below are by no means exhaustive, but attempt to provide a framework for activities which fall into the category of unacceptable use.
The Chief Information Officer is responsible for the review of this policy every four years (or whenever circumstances require immediate review).
Amendments: Month, Day, Year – summary of changes
1. 10/24/06 : Posted to website.
2. 11/15/06 : Added link to Peer-to-Peer Policy
3. 11/16/06 : Added link to Password Policy
4. 04/23/08 : Modified policies menu
5. 10/14/08 : Section UNACCEPTABLE USE modified
6. 11/01/11: Formatted for Institutional Policies website
6. 02/19/13: Formatted in new template. “Policy” section renumbered.