IT Security Standards for Faculty & Staff

Introduction
The University's Computer and Information Network is a continually growing and changing resource that supports thousands of users and hundreds of systems. These resources are intended to support the academic, research and business needs of the University community. In order to ensure a reasonable and dependable level of support to the entire University community, these resources require professional management and responsible use. Misuse by even a few individuals has the potential to disrupt University business and/or the legitimate academic or research work of students and faculty. No commercial or non-University related uses are to be made without the expressed, written approval of the appropriate University Vice Chancellor.

Users are therefore required and expected to exercise responsible, ethical behavior when using these resources. Access to and use of these resources is issued on a temporary basis while the user is an active member of the University community (i.e. registered student, staff or faculty member). Resources remain the property of the University at all times.

Scope
These standards apply to all computing and communication resources at the University of Massachusetts at Lowell ("resources"), to all information stored therein, and to each user of these resources ("user community"). The resources include any and all University-owned or managed computer-related equipment, computer systems, and interconnecting networks, as well as all information contained therein. The user community consists of those persons and organizations which use, directly or indirectly, any of these resources.

Rights and Disclaimers
The University acknowledges the requirement to maintain user privacy and to avoid unnecessary interruption of user activities. To maintain a stable operating environment and to insure against unauthorized or improper use of those facilities, the University reserves the right, without notice, to inspect any data or file stored on the system(s). In the event of suspected misuse or of questionable use, the file owner will be contacted for further discussion and/ or explanation. In the event that use is determined to be contrary to University policy and/ or prevailing law appropriate measures will be taken. These measures may include, but are not limited to, permanent/temporary suspension of user privileges and deletion of files.

Conditions of Use
Member of the user community must use only those resources to which they have been specifically granted access by the University. The unauthorized use of resources is prohibited and may, in some cases, be violations of the law.

Unauthorized use includes, but is not limited to, the following:
  • Use of University resources to gain unauthorized access to resources of this and/or other institutions, organizations, or individuals.
  • Use of false or misleading information for the purpose of obtaining access to resources.
  • Authorizing another person or organization to use your computer accounts. You are responsible for all use of your accounts. You must take all reasonable precautions, including password maintenance and file protection measures, to prevent use of your account by unauthorized persons. You must not, for example, share your password with anyone else. You also must not provide anyone else's password, encrypted or otherwise, to anyone who is not authorized to have it.
  • Use of any resource in a manner that violates State or Federal Law or University policy , e.g. the use of resources for private gain.
  • Accessing, altering, copying, moving, or removing information, proprietary software or other files (including programs, subroutine libraries, data and electronic mail) from system or public files or files of other users without prior authorization.
  • Use of any resource irresponsibly or in a manner that needlessly affects the work of others. This includes transmitting or making accessible offensive, or harassing material; intentionally, recklessly or negligently damaging any system ( i.e. by the introduction of any so-called "virus", "worm", or "trojan-horse" program); intentionally damaging or violating the privacy of information not belonging to you; or intentionally misusing or allowing misuse of system resources.
  • Any use of University equipment or services for intentionally transmitting, communicating or accessing pornographic or sexually explicit material, images, text or other offensive material.
  • It is your responsibility to report any violation of these guidelines by another individual and any information relating to a flaw in or bypass of resource security to the immediate Systems Support Personnel or Manager.

Any questions about these standards or of the applicability of these standards to a particular situation should be referred to the immediate Systems Support Personnel or Manager.