The University of Memphis

Acceptable Use of Information Technology Resources



POLICIES

Issued: March 16, 2014
Responsible Official: Vice President for Information Technology
Responsible Office: Information Technology Services

Policy Statement


Policy Statement

In keeping with the spirit of free intellectual inquiry that is fundamental to our mission, the principles of academic freedom and individual privacy will be respected by the University as outlined in this policy.  In turn, all users of the University's information technology resources are expected to demonstrate the highest respect for the rights of others in their use of these resources.  Access to the University's information technology (IT) resources is a privilege.  This privilege may be limited or revoked if an individual violates University policies or state or federal laws.

This policy applies to all information technology resources provided by the University and to all users of these resources.  All members of the University community are given notice of this policy by virtue of its publication, and are subject to it on the same basis.  Ignorance of this policy does not relieve any user of his or her responsibilities under the policy.  All users are expected to familiarize themselves with the contents of this policy and act in conformance with the following principles regarding any use of the University's IT resources.

Due to the rapid nature of change in both information technologies and their applications, the University may amend this policy whenever deemed necessary or appropriate.  Users are encouraged to periodically review this policy in order to understand their rights and responsibilities under this policy.



Contents

Definitions
Procedures
FAQs
Links

Definitions


HackAn unauthorized access to a computer or service. This access may include modifications to programs or other unauthorized activities.  

Trojan horseA destructive program that masquerades as a benign application; one of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

Virus

A program or piece of code that is loaded onto a computer without the owner's knowledge. Viruses can replicate themselves.  All viruses are manmade.


WormA program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down.

Peer-to-Peer File Sharing

A software program that automatically discovers and/or shares files with peers on a network. Although there are legitimate peer-to-peer file sharing programs, some of these programs are used for unlawful activities, such as sharing music and videos that are protected by copyright.   



Procedures


User Access - Principle I

User access to information technology resources is granted to an individual by the University solely for the grantee's own use.  User access privileges must not be transferred or shared, except as expressly authorized by an appropriate University official.

This principle is intended to help protect the integrity, security, and privacy of user accounts.  Sharing access with another individual undermines the security of an account, leaving it vulnerable to abuse by others.  Sharing or transferring access may also jeopardize the security of the University's entire information technology system.  Keeping passwords secure and attending to an account while logged on are fundamental to the security of an account.

Not sharing access privileges also helps protect against unauthorized activities on an account for which an individual could be held personally responsible.  For example, if someone else uses an account with the account holder's permission and violates University policy, including the Code of Student Rights and Responsibilities, the account holder can be charged with the violation and made subject to the same student or employment disciplinary action as the actual user.

Students should not share account information and/or passwords with any other users.  University employees should not share passwords with any other employee unless expressly authorized to do so by the appropriate University authority with responsibility for the account.

For information and assistance about obtaining and/or maintaining a University  IT account, contact the University's IT HelpDesk at 901-678-8888.  


User Privacy, Integrity and Operational Security-Principle II

The privacy of all users and the integrity and operational security of the University's information technology system must be respected by all.  University IT resources must not be used to attempt unauthorized access to private information maintained by users or by the University itself.

This principle is intended to apply to all aspects of the University's information technology system, and to all users, whether students, employees, or guest users.  The University's IT resources must not be used to gain unauthorized access to private information, even if that information is not securely protected or is otherwise available.  The fact that an individual account and its data may be unprotected does not confer either an ethical or legal right to access it.

The University will not routinely monitor the content of private electronic communications or other private electronic activity and will make every reasonable effort to protect them from unauthorized access or inspection.  However, investigations of misuse, unauthorized use or illegal activity, as well as routine or emergency maintenance of the University's IT system, may sometimes require observation of private information by appropriate and authorized university officials, employees, or their authorized agents.  Such activities are not in violation of this principle so long as these activities are conducted by authorized individuals on behalf of the University.

Unauthorized access to private information constitutes a violation of this policy, and may result in serious disciplinary charges under the Code of Student Rights and Responsibilities, up to and including expulsion, and/or employment discipline, up to and including termination. Violation of this principle may also constitute a violation of state or federal law.

Examples of activities that may violate this principle 


Shared Resources - Principle III

Information technology resources are shared resources that must be available to all users in an equitable manner.  Users must not engage in any behavior or activity that unreasonably interferes with the access privileges of other users or with the University's ability to provide access to these resources for its entire community of users.

Information technology resources are finite and must be shared.  The University's commitment to the principle of fair and equitable access for all users requires that users refrain from activities that compromise its overall ability to deliver IT services or that interfere with its ability to make IT resources available for all qualified users.  This principle involves every aspect of the University's IT services and infrastructure, ranging from such diverse activities as unauthorized network connections through disruptive behavior in University computer labs that interferes with the rights of other lab users.  The University reserves the right to take all appropriate and reasonable measures, including the use of available technological measures (e.g., limiting the amount of available bandwidth) in order to insure equitable access to IT resources for the benefit of all users.

Examples of activities that may violate this principle


Misuse of IT Resources - Principle IV

Users must not use University information technology resources in the commission of any illegal or otherwise unauthorized act.  Violation of state or federal laws, including anti-hacking provisions, copyright, and trademark laws, is inconsistent with ethical and responsible use of University IT resources and is strictly prohibited.

Users agree to strict adherence to this principle through their use of University IT resources.  In addition to possible civil and criminal penalties, illegal use can result in serous sanctions under the University Policy UM 1483, Use of Copyrighted Materials, and the Code of Student Rights and Responsibilities. Sanctions can include severe employment discipline, up to and including termination.  The University will cooperate fully with law enforcement officials regarding criminal investigations of any use of its IT resources in violation of this principle.

Examples of activities that may violate this principle 


Conduct and Behavior - Principle V

Users should observe the same standards of ethical conduct and courteous behavior that govern non-electronic vocal and written communications and other personal interactions whenever they use the University's IT resources.

Ethical and courteous use of information technology resources is the responsibility of every user.  This principle is fundamental to the spirit of community and standards of civility that should govern interactions among all members of the University community.

While this principle applies to all users under any circumstances, it is particularly important that students using University owned computers in labs or other University controlled areas conform to this policy and all other applicable University policies or regulations, including the Code of Student Rights and Responsibilities and the TigerLAN Lab Guidelines.

Employees of the university also have a special ethical duty to use their broad access to the University's information technology resources in conformance with this and all other principles of this policy.  Use of information technology resources by University employees that is unrelated to their official position should be reasonable and limited in both time and resources and must not interfere with University functions or the employee's performance of employment responsibilities.

In some instances, failure to act in conformance with this principle may violate state or federal law, and also may violate other principles of this policy or other University policies themselves, including the Code of Student Rights and Responsibilities.  Violations of this principle may result in limiting or even denial of access to these resources, as well as student and/or employment disciplinary action.

Examples of activites that may violate this principle 


Unauthorized Commercial Use - Principle VI

Users must not use University information technology resources for any unauthorized commercial purposes.  Use of any University information technology resources for personal gain or profit is prohibited.

The University's IT resources are provided in support of the University's educational, research and service missions; therefore, uses that are consistent with this purpose must always receive the highest priority.  Other uses, such as those that indirectly support this mission, including reasonable and limited personal use, while permissible, must necessarily receive a lower priority.  Unauthorized commercial use of university resources is inappropriate and inconsistent with the University's mission.

Examples of activities that may violate this principle


Peer-to-Peer File Sharing--Principle VII

 Users may not install or use any unauthorized Peer-to-Peer File Sharing device to share or distribute

  • copyrighted material without authorization from the copyright owner.
  • privileged, private, or strategic information determined by cognizant administrators as vital to the operation of the University.
  • any viruses, spyware, copyrighted software, or license keys.
  • software that threatens or disrupts any University of Memphis computing services.

Peer-to-peer file sharing programs may pose opportunities for significant loss to owners of copyrighted material and significant liability to the University.  Allowing non-authorized access to computers on the University network may provide access to  privileged information.  Peer to peer programs degrade the speed of the network, and they may contain spy-ware, viruses, or exploits that may allow unauthorized access to the machine hosting the program.  These programs also contribute to network slowdowns and may provide backdoors to hackers with additional resources to launch attacks.

Examples of activities that may violate this principle 


Response to Violations

Violation of this policy will result in action by the appropriate University office or agency.  Students who violate this policy may be referred to the University's Office of Judicial and Ethical Programs for disciplinary action under the Code of Student Rights and Responsibilities.  Employees who violate this policy may be subject to disciplinary measures imposed by their appropriate supervisor in consultation with the University's Office of Employee Relations and its Office of Legal Counsel.  Violations of state or federal laws regarding unlawful access or use may be referred to the appropriate law enforcement officials for investigation and/or prosecution.   


University Sanctions

University sanctions will be imposed by the appropriate University authority upon findings made in conformance with the due process procedures outlined in applicable University policies.  Sanctions may include, but are not limited to, limitation or revocation of access rights and/or other sanctions up to and including suspension or expulsion for students, and termination for employees.  Sanctions may also include restitution to the University for charges incurred in detecting and substantiating violations of these rules, as well as any costs incurred as a result of the violation itself.  Users should be aware such charges could be substantial.


Investigation and Review of Charges

When the Chief Information Officer, a designee, or the appropriate system administrator has reason to believe that a violation involving a security threat to the system or other users and/or illegal activity may have occurred, he or she may immediately suspend information technology privileges for the involved user(s).

If a user account is summarily suspended, the user will be immediately notified.  Users may check the status of reinstatement of access privileges by contacting the University's IT Helpdesk at (901) 678-8888.  If, upon further investigation by the appropriate University officials, the violation appears to have been willful and deliberate, the appropriate University official may refer the violation and the violator's identity to the appropriate University authority for disciplinary action.



FAQs


What are activities that may violate Principle II - User Privacy, Integrity, and Operational Security?

Examples of activities that may violate this principle, include, but are not limited to the following:

  1. Hacking or attempted hacking activity of any kind, including but not limited to:
    • Altering, damaging or attempting to alter or damage files or systems without authorization
    • Intentionally damaging or destroying the integrity of electronic information
    • Attempting to access or control another computer network without authorization
    • Scanning of networks for security vulnerabilities
  2. Unauthorized access of another user's account in any manner
  3. Unauthorized viewing and/or publication of private information maintained on the University's system

What are activities that may violate Principle III - Shared Resources?

Examples of activities that may violate this principle, include, but are not limited to the following:

  1. Intentional disruption of the IT system, including without limitation, installing, propagating, or otherwise running any malicious program that attempts to violate the operational integrity of the system (e.g. "worms" and "viruses")
  2. Failure to comply with requests from appropriate University employees to discontinue activities that threaten the operational integrity of any component of the IT system
  3. Unauthorized connections to the system, its networks, as well as unauthorized extensions or re-transmissions of any system services.
  4. Continuing to download or upload large files during periods of peak usage after having received a request from the appropriate University IT official to defer such use until a later time
  5. Intentional physical damage to University owned IT resources.

What are activities that may violate Principle IV - Misuse of IT Resources?

Examples of activities that may violate this principle, include, but are not limited to the following:

  1. Hacking activity of any kind.
  2. Unauthorized upload, download, or other digital reproduction of copyrighted materials, including documents, software, music, and films.
  3. Unauthorized storage of copyrighted materials, including documents, software, music and films, on University owned or controlled IT resources.
  4. Misrepresentation of one's identity.
  5. Electronic distribution of threatening or illegally harassing communications.
  6. Unauthorized interception of electronically transmitted information.

What are activities that may violate Principle V - Conduct and Behavior?

Examples of activites that may violate this principle, include, but are not limited to the following:

  1. Repeated, unsolicited, or unwanted electronic communication with an individual after the sender has been asked to stop
  2. Misrepresentation of the identity of the sender of an electronic communication or web site host
  3. Obscuring or forging of the date, time, physical source, logical source, or other header information of a message or transaction
  4. Alteration of the content of a message originating from another person or computer with the intent to deceive
  5. Acquiring or attempting to acquire the passwords of other users
  6. The unauthorized deletion of another user's postings, files, etc.
  7. Using IT resources while on duty for the University in a manner that interferes with performance of employment responsibilities
  8. Inappropriate use of University authority or special access privileges to the University's system

What are activities that may violate Principle VI - Unauthorized Commercial Use?

Examples of activities that may violate this principle, include, but are not limited to the following:

  1. Using University hosted IT services to advertise, provide services to, and/or sell commercial products or services
  2. Using University IT resources to distribute unsolicited advertisements on behalf of commercial entities

What are activities that may violate Principle VII--Peer-to-Peer File Sharing

 Examples of activities that may violate peer-to-peer file sharing, include, but are not limited to the following:

  1. Downloading any copyrighted media without permisssion from the copyright owner.
  2. Creating a copy of electronic media that has been purchased and making it available online to others.
  3. Installing software that stores, downloads, uploads, advertises content, and distributes copyrighted media without permission from the copyright owner.
  4. Posting to personal web space licensed software that has been modified to run without a license.


Links


Code of Student Rights and Responsibilities

 http://www.memphis.edu/studentconduct/studenthandbook.htm

 


Use of Copyrighted Materials

 http://policies.memphis.edu/UM1483.htm


TigerLAN Lab Guidelines

http://www.memphis.edu/umtech/TigerLAN_Guidelines.htm


Red Flag Policy

http://policies.memphis.edu/UM1714.htm



Revision Dates


  UM1535 - March 16, 2014
UM1535 - Rev: April 17, 2013
UM1535 Rev.1 -- updated July 31, 2007
UM1535 - Issued: July 31, 2007 - supercedes policy number 1:2A:03:01
UM1535 - Issued: January 14, 2004


Subject Areas:

AcademicFinanceGeneralHuman ResourcesInformation TechnologyStudent Affairs
    XX     XX