|Responsible University Administrator:||Vice Provost for Academic Affairs|
|Responsible Officer:||Chief Information officer|
|Current Revision Date:||02/19/13|
|Next Review Date:||02/19/17|
|End of Policy Date:||N/A|
This policy is required for the effective communication of university policy regarding the acceptable use of computer equipment at Southern Miss. These rules are in place to protect faculty, staff, students, and the University of Southern Mississippi. Inappropriate use exposes Southern Miss to risks including virus attacks, compromise of network systems and services, and legal issues.
This policy applies to faculty, staff, students, contractors, consultants, temporaries, and other workers at Southern Miss, including all personnel affiliated with third parties. This policy applies to all equipment that is owned or leased by Southern Miss.
|spam||Unauthorized and/or unsolicited electronic messages|
Non-University business related email
Family Educational Rights and Privacy Act
|personally identifiable information||Information that can be directly tie to an individual|
Gramm-Leach-Bliley Act (Protection of banking information)
|SOX||Sarbanes-Oxley Act (integrity of financial reporting)|
1.1.While Southern Miss's network administration desires to provide a reasonable level of integrity, users should be aware that the data/email they create/receive on university systems remain the property of Southern Miss and that no privacy can be expected while using these systems. Because of the need to protect the university's network, management cannot guarantee the confidentiality of information stored on any network device belonging to Southern Miss.
1.2 Faculty and staff are responsible for exercising good judgment regarding the reasonableness of personal use. Information Security recommends that any information which users consider sensitive or vulnerable be password protected.
1.3 For security and network maintenance purposes, authorized individuals within the Southern Miss iTech group may at any time analyze network utilization, traffic patterns and volumes related to Southern Miss systems/equipment and network.
1.4 Southern Miss' iTech Information Security Group reserves the right to audit networks and systems periodically to ensure compliance with this policy.
(PII, FERPA, GLBA, SOX, federal/state regulated.)
2.1 Faculty and staff should take all necessary steps to prevent unauthorized access to this information.
2.2 Keep passwords secure and do not share accounts. Authorized users are responsible for the security of their passwords and accounts. System level passwords should be changed quarterly. User level passwords should be changed every 90 days.
2.3 All PCs, laptops and workstations should be secured with a password-protected screensaver with the automatic activation feature set at 10 minutes or less, or by logging-off (control-alt-delete for Win2K/XP users) when the system will be unattended.
2.4 Because information contained on portable computers is especially vulnerable, special care should be exercised to protect this data.
2.5 All Postings by employees from Southern Miss email addresses to newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of Southern Miss, unless posting is in the course of business duties.
2.6 All hosts used by the employee that are connected to the Southern Miss. Internet/Intranet/Extranet, whether owned by the employee or by Southern Miss, shall be continuously execute approved virus-scanning software (http://eduprod.usm.edu/ infosec/antivirus.php) with a current virus database.
2.7 Employees must use extreme caution when opening email attachments received from unknown senders, which may contain viruses, email bombs, or Trojan horse code.
The following activities are, in general, prohibited. Employees may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g., systems administration staff may have a need to disable the network access of a host if that host is disrupting production services). Under no circumstances are faculty, staff, and students of Southern Miss authorized to engage in any activity that is illegal under local, state, federal, or international law while utilizing Southern Miss-owned resources. The lists below are by no means exhaustive, but attempt to provide a framework for activities which fall into the category of unacceptable use.
3.1 System and Network Activities – The following activities are strictly prohibited, without exception:
3.2 Email and Communications Activities – The following activities are strictly prohibited, without exception:
4.1 Faculty, Staff, and Students: Any faculty, staff, or student found to have violated this policy may be subject to disciplinary action, up to and including suspension, expulsion and/or termination of employment in accordance with procedures defined by USM administrative policies stated in the handbook governing that individual.
4.2 External Entities: Any external entity, contractor, consultant, or temporary worker found to have violated this policy may be held in breach of contract, and as such, may be subject to grievances or penalties allowed by such contract.
The Chief Information Officer is responsible for the review of this policy every four years (or whenever circumstances require immediate review).
Amendments: Month, Day, Year – summary of changes
10/24/06 : Posted to website.
11/15/06 : Added link to Peer-to-Peer Policy
11/16/06 : Added link to Password Policy
04/23/08 : Modified policies menu
10/14/08 : Section UNACCEPTABLE USE modified
11/01/11: Formatted for Institutional Policies website
02/19/13: Formatted in new template. “Policy” section renumbered.