Technology Policies

1. Overview

Information Security’s intention for publishing an Acceptable Use policy is not to impose restrictions contrary to The University of Southern Mississippi’s established culture of openness, trust and integrity.  Information Security is committed to protecting Southern Miss faculty, staff, students and partners from illegal or damaging actions by individuals, either knowingly or unknowingly.

Internet/Intranet/Extranet-related systems, including but not limited to, computer equipment, software, operating systems, storage media, network accounts providing electronic mail, and WWW browsing are the property of Southern Miss.

Effective security is a team effort requiring the participation and support of every Southern Miss employee and affiliate who deals with information and/or information systems.  It is the responsibility of every computer user to know these guidelines and to conduct their activities accordingly.

2. Purpose

The purpose of this policy is to outline the acceptable use of computer equipment at Southern Miss.

These rules are in place to protect faculty, staff, students and The University of Southern Mississippi.  Inappropriate use exposes Southern Miss to risks including virus attacks, compromise of network systems and services, and legal issues.

3. Scope

This policy applies to faculty, staff, students, contractors, consultants, temporaries and other workers at Southern Miss, including all personnel affiliated with third parties.

This policy applies to all equipment that is owned or leased by Southern Miss.

4. Policy

4.1 GENERAL USE AND OWNERSHIP

1. While Southern Miss’ network administration desires to provide a reasonable level of integrity, users should be aware that the data/email they create/receive on university systems remain the property of Southern Miss and that no privacy can be expected while using these systems.  Because of the need to protect the university’s network, management cannot guarantee the confidentiality of information stored on any network device belonging to Southern Miss.

2. Faculty and staff are responsible for exercising good judgment regarding the reasonableness of personal use.  Information Security recommends that any information which users consider sensitive or vulnerable be password-protected.

3. For security and network maintenance purposes, authorized individuals within the Southern Miss iTech group may at any time analyze network utilization, traffic patterns and volumes related to Southern Miss systems/equipment, and network.

4. Southern Miss’ iTech Information Security Group reserves the right to audit networks and systems periodically to ensure compliance with this policy.

4.2 SECURED AND PROPRIETARY INFORMATION

(Personally Identifiable, FERPA, GLBA, SOX, Federal/State regulated.  See definitions in Section 6 of this policy.)

5. Faculty and staff should take all necessary steps to prevent unauthorized access to this information.

6. Keep passwords secure and do not share accounts.  Authorized users are responsible for the security of their passwords and accounts.  System-level passwords should be changed quarterly.  User-level passwords should be changed every 90 days.

7. All PCs, laptops and workstations should be secured with a password-protected screensaver with the automatic activation feature set at 10 minutes or less, or by logging-off (Control-ALT-Delete for Win2K/XP users) when the system will be unattended.

8.Because information contained on portable computers is especially vulnerable, special care should be exercised to protect this data.

9. All postings by employees from Southern Miss email addresses to newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of Southern Miss, unless posting is in the course of business duties.

10. All hosts used by the employee that are connected to the Southern Miss Internet/Intranet/Extranet, whether owned by the employee or by Southern Miss, shall continuously execute approved virus-scanning software (www.usm.edu/itech/resources) with a current virus database.

11. Employees must use extreme caution when opening email attachments received from unknown senders, which may contain viruses, email bombs or Trojan horse code.

4.3. UNACCEPTABLE USE

The following activities are, in general, prohibited.  Employees may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g. systems administration staff may have a need to disable the network access of a host if that host is disrupting production services).  Under no circumstances are faculty, staff and students of Southern Miss authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing Southern Miss-owned resources.  The lists below are by no means exhaustive but attempt to provide a framework for activities which fall into the category of unacceptable use.

12. System and Network Activities: The following activities are strictly prohibited, without exception:

Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of “pirated” or other software products that are not appropriately licensed for use by Southern Miss

Collection, storage or distribution of pornography or material considered to be obscene in violation of this policy

Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, copyrighted movies, and the installation of any copyrighted software for which Southern Miss or the end user does not have an active license is strictly prohibited.

Illegally exporting software, technical information, encryption software or technology in violation of international or regional export control laws

Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, email bombs, etc.)

Revealing your account password to others or allowing use of your account by others. This includes family and other household members when work is being done at home.

Using a Southern Miss computing asset to actively engage in procuring or transmitting material in violation of sexual harassment or hostile workplace laws in the user’s local jurisdiction

Making fraudulent offers of products, items or services originating from any Southern Miss account

Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, the following: accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless these duties are within the scope of regular duties. For purposes of this section, “disruption” includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service and forged routing information.

Port scanning or security scanning is expressly prohibited unless prior notification is given to Information Security and /or these processes are within the scope of regular duties.

Executing any form of network monitoring which will intercept data not intended for the employee’s host, unless this activity is a part of the employee’s normal job/duties

Circumventing user authentication or security of any host, network or account

Interfering with or denying service to any user other than the employee’s host (for example, denial of service attack)

Using any program/script/command or sending messages of any kind with the intent to interfere with or disable a user’s terminal session, by any means, locally or via the Internet/Intranet/Extranet

Providing information about (or lists of) Southern Miss faculty, staff or student protected/non-directory information to parties outside the university without the express written permission of the university administration

Any person found in violation of this policy will be notified immediately to cease and desist. The user will be given a time frame to comply or be disconnected from the Southern Miss network until they can prove the issue has been addressed.

13. Email and Communications Activities: The following activities are strictly prohibited, without exception:

Sending email messages, including “junk mail/SPAM” or other advertising material, to individuals who did not specifically request such material (email spam)

Any form of harassment via email, telephone or paging whether through language, frequency or size of messages

Unauthorized use, or forging, of email header information in an attempt by an individual to misrepresent or hide his or her identity

Solicitation of email for any other email address, other than that of the poster’s account, with the intent to harass or to collect replies

Creating or forwarding chain letters or other pyramid schemes of any type

Use of unsolicited email originating from within Southern Miss’ networks to advertise any service not hosted by Southern Miss

Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam)

 

 5. Enforcement

5.1 FACULTY, STAFF AND STUDENTS

Any faculty, staff or student found to have violated this policy may be subject to disciplinary action, up to and including suspension, expulsion and/or termination of employment in accordance with procedures defined by university administrative policies stated in the handbook governing that individual.

5.2 EXTERNAL ENTITIES

Any external entity, contractor, consultant or temporary worker found to have violated this policy may be held in breach of contract, and as such, may be subject to grievances or penalties allowed by such contract.

6. Definitions

1.      Spam: unauthorized and/or unsolicited electronic mass mailings

2. Junk: non-university business related email

3. FERPA: Family Educational Rights and Privacy Act as amended of 1974

4. Personally Identifiable: information that can be directly tied to an individual

5. LBA: Gramm-Leach-Bliley Act (protection of banking information)

6. SOX: Sarabanes-Oxley Act (integrity of financial reporting)