University of Texas at El Paso
Banner
Library
I.S. Policy Manual
 Print  
Untitled Document
Acceptable Use

1.0 Introduction

The University's intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to The University of Texas at El Paso's (UTEP) established culture of openness, trust and integrity. The University is committed to protecting its employees, partners and the institution from illegal or damaging actions by individuals, either knowingly or unknowingly.

Internet/intranet/extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, and network accounts providing electronic mail (e-mail), web browsing, and FTP are the property of UTEP. These systems are to be used for business purposes in serving the interests of the University, and of our clients and customers in the course of normal operations.

Effective security is a team effort involving the participation and support of every UTEP employee and affiliate who deals with information or information systems. It is the responsibility of every computer user to know these guidelines, and to conduct his activities accordingly.

2.0 Purpose

Under the provisions of the Information Resources Management Act, Information Resources are strategic assets of the State of Texas that must be managed as valuable state resources. Thus this policy is established to achieve the following:

  • Ensure compliance with applicable statutes, regulations, and mandates regarding the management of information resources.
  • Establish prudent and acceptable practices regarding the use of information resources.
  • Educate individuals who may use Information Resources with respect to their responsibilities associated with such use.

3.0 Scope

This policy applies to all individuals granted access privileges to any University Information Resource regardless of affiliation. This policy applies to all equipment that is owned or leased by UTEP.

4.0 General Use and Ownership

While UTEP's network administration desires to provide a reasonable level of privacy, users should be aware that the data they create on University systems remains the property of UTEP. Because of the need to protect UTEP's network, management cannot guarantee the confidentiality of information stored on any network device belonging to the University. Electronic files created, sent, received, or stored on Information Resources owned, leased, administered, or otherwise under the custody and control of UTEP are not private and may be accessed by UTEP IT employees at any time without knowledge of the Information Resources user or owner.

Electronic file content may be accessed by appropriate personnel in accordance with the provisions and safeguards provided in the Texas Administrative Code S202, Information Security Standards.

Employees are responsible for exercising good judgment regarding the reasonableness of personal use. If there is any uncertainty, the employee should consult his supervisor or manager.

The Office of Information Security recommends that any information that users consider sensitive or vulnerable be encrypted. For guidelines on encrypting e-mail and documents, see the Acceptable Encryption Policy.

For security and network maintenance purposes, authorized individuals within UTEP may monitor equipment, systems and network traffic at any time, per the Audit Policy.

UTEP reserves the right to audit all networks and systems on a periodic basis to ensure compliance with this policy.

UTEP encourages everyone associated with the University to act in a manner that is fair, mature, respectful of the rights of others, and consistent with the educational purposes of the University.

By their use of the UTEP network, users acknowledge that the Internet contains access to pornographic and other material that may be offensive to others and unsuitable for minors. UTEP ordinarily does not filter, censor, edit, or regulate the flow of data, software, graphic images, or other materials on the Internet to or from any of its account holders. The Internet may from time to time contain hostile programs, viruses, worms, Trojan horses and other files that may affect or destroy the operation of or information on the computer.

The University is not responsible for the content, accuracy or reliability of information accessed from the Internet. Users are encouraged to verify the authenticity and accuracy of materials sent via the Internet, and to use good judgment when deciding whether to download or open materials from people they do not know and organizations they did not contact.

The University of Texas at El Paso will not be liable for missing or misdirected e-mail. UTEP is not responsible for the loss of files or materials due to deletion, error or malfunction, and users are advised to maintain backup copies of their materials at all times.

Users agree to comply with this policy, other University rules governing acceptable use of information technology, and any applicable state and federal regulations. The terms and conditions of these policies, rules, procedures, and agreements are subject to change without prior notice. Notice of such changes may be given by posting on the Internet, by e-mail, or other means.

Users must report any weaknesses in The University of Texas at El Paso computer security and any incidents of possible misuse or violation of this agreement to the proper authorities by contacting the Helpdesk.

Users must not attempt to access any data or programs contained on The University of Texas at El Paso systems for which they do not have authorization or explicit consent.

Users must not divulge Dialup or Dial back modem telephone numbers to anyone.

Users must not share their University of Texas at El Paso account(s), passwords, Personal Identification Numbers (PIN), security tokens (i.e. Smartcard), or similar information or devices used for identification and authorization purposes.

Users must not make or distribute unauthorized copies of copyrighted software.

Users must not purposely engage in activity that may: harass, threaten or abuse others; degrade the performance of Information Resources; deprive an authorized University of Texas at El Paso user access to a University of Texas at El Paso resource; obtain extra resources beyond those allocated or circumvent The University of Texas at El Paso computer security measures.

Users must not download, install or run security programs or utilities that reveal or exploit weaknesses in the security of a system. For example, The University of Texas at El Paso users must not run password cracking programs, packet sniffers, or port scanners or any other non-approved programs on The University of Texas at El Paso Information Resources. The Office of Information Security and selected network managerial personnel of IT are exempted from this rule.

The University of Texas at El Paso Information Resources must not be used for personal benefit.

Access to the Internet from a University of Texas at El Paso-owned, home-based computer must adhere to all policies that apply to use from within The University of Texas at El Paso facilities. Employees must not allow family members or other non-employees to access The University of Texas at El Paso computer systems.

Users must not engage in acts against the aims and purposes of The University of Texas at El Paso as specified in its governing documents or in rules, regulations or procedures adopted from time to time.

Users agree to follow normal standards of ethics and polite conduct in their use of shared computing/networking resources.

Users should follow the same standards of conduct when interacting on the network as when interacting in person.

Laws and rules against fraud, harassment, obscenity, and the like apply to electronic communications just as they apply to other media. Inappropriate distribution of copyrighted materials such as computer software and music (CDs, tapes, records, etc.) is a violation of federal law and University rules. If you violate these laws, or allow access to others who violate them, your network access may be terminated and you may be subject to civil or criminal penalties or University disciplinary action.

Users agree that they are solely responsible for making sure that any information they access, upload, or transmit (including information obtained through any hyperlink) complies with applicable law.

The network connection supplied by the University for Miner Village residents is for individual use and may not be shared among multiple users. Individuals are responsible for all charges and for all destructive or illegal activity done by anyone to whom they allow access.

Student violators of University rules and policies may be referred to the Dean of Students for disciplinary action. The Dean of Students will be notified of violations of University rules and policies, and will take appropriate disciplinary action.

UTEP, using generally accepted standards of best network administration practices and procedures, has the right to determine what activities disrupt the network. The University further reserves the right to terminate the connection of any host using an unusually high portion of bandwidth if that program unreasonably inhibits the fair use of network resources by other University users or members of the UTEP community.

Users agree that failure of the University to respond to a violation immediately does not prevent it from taking corrective action at a later time.

Users agree NOT to:

  • Use network access for solicitations, commercial purposes, or any business activities for individuals, groups, or organizations.
  • Modify or tamper with network services, wiring, and ports in any room without explicit written permission. This includes extending the network beyond the single network outlet (using a wireless hub for example, Remote Access Servers, tunneling NETBIOS, or Proxies).
  • Establish servers for anything other than academic purposes (or provide other activities that consume a disproportionate share of bandwidth. Examples of servers that would be prohibited include MP3, DVD, and Game servers. Disproportionate share is that which exceeds a limit of 2.5GB/week (on average 500MB/day).
  • Register an outside domain host name that refers to an IP address within the utep.edu domain.
  • Configure cards for anything but 10 Mb/s.
  • Scan for computers on any network using port scanners or network probing software.
  • Use defective or malfunctioning equipment on the network. Violation of this agreement will result in the offending port(s) being disabled without prior notification.
  • Use any connection to engage in any unlawful purpose or transmit material that violates applicable local, state or federal laws or University rules.

5.0 Unacceptable Use

The following activities are, in general, prohibited:

Under no circumstances is an employee of UTEP authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing UTEP-owned resources.

Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by UTEP.

Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which UTEP or the user does not have an active license.

Exporting software, technical information, encryption software or technologies, in violation of international or federal export control laws. Appropriate management should be consulted prior to export of any material that is in question.

Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).

Revealing an account password to others or allowing the use of an authorized University account by others. This includes family and other household members when work is being done at home.

Using a UTEP computer to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws in the user's local jurisdiction.

Making fraudulent offers of products, items, or services originating from any UTEP account.

Making statements about warranty, expressed or implied, unless it is a part of normal job duties.

Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless these duties are within the scope of regular duties. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, ping floods, packet spoofing, denial of service attacks, and forged routing information for malicious purposes.

Executing any form of network monitoring that will intercept data not intended for the employee's host, unless this activity is a part of the employee's normal job duty.

Circumventing user authentication or security of any host, network or account.

Interfering with, or denying service to any user other than the employee's host (for example, denial of service attack).

Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user's terminal session, via any means, locally or via the Internet.

Providing information about, or lists of, UTEP employees to parties outside UTEP.

Sending unsolicited e-mail messages, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material (e-mail spam).

Any form of harassment via e-mail, telephone, or paging, whether through language, frequency, or size of messages.

Unauthorized use, or forging, of e-mail header information.

Solicitation of e-mail for any other e-mail address, other than that of the poster's account, with the intent to harass or to collect replies.

Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type.

Use of unsolicited e-mail originating from within UTEP's networks or other Internet Service Providers on behalf of, or to advertise, any service hosted by UTEP or connected via UTEP's network.

Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam).

6.0 Incidental Use

As a convenience to The University of Texas at El Paso user community, incidental use of Information Resources is permitted. The following restrictions apply:

  • Incidental personal use of electronic mail, Internet access, fax machines, printers, copiers, etc., is restricted to The University of Texas at El Paso approved users; it does not extend to family members or acquaintances.
  • Incidental use must not result in direct cost to The University of Texas at El Paso.
  • Incidental use must not interfere with the normal performance of an employee's work duties.
  • No files or documents may be sent or received that may cause legal action against, or embarrassment to, The University of Texas at El Paso.
  • Storage of personal e-mail messages, voice messages, files and documents within The University of Texas at El Paso's computer systems must be minimal.
  • All messages, files and documents located on The University of Texas at El Paso computer systems are owned by The University of Texas at El Paso. They may be subject to open records requests and may be accessed in accordance with this policy.

 

7.0 E-Mail

The University of Texas at El Paso provides electronic mail (e-mail) accounts to all faculty, staff, students, and non-university personnel who are affiliated with the University and are assisting the University in meeting its mission. Official business of the University will be conducted using University-furnished e-mail addresses, in the format user@utep.edu. For this reason, all users are strongly urged to obtain an official UTEP e-mail address.

All e-mail use is subject to the general policies governing use of University Information Resources. In addition, the following uses or activities are expressly prohibited:

Transmission, display, printing or storage of any material prohibited by law or University regulations.

Unauthorized transmission, display, printing or storage of legally restricted or confidential material.

Transmission, display, printing or storage of material that is obscene, libelous, or physically threatening.

Transmission, display, printing or storage of material which advertises, promotes or otherwise solicits on behalf of any non-university business, corporation, organization, enterprise or activity or which contributes to the conduct of business by such entities. This includes the conduct of private consulting services by faculty or staff employees of the University.

Transmission, display, printing, or storage of any material through the fraudulent use of another person's password. Any use of another person's password for any purpose is prohibited.

Transmission, display, printing or storage of chain letters, and other forms of mass mailings or any use that may disrupt or delay the timely and orderly provision of e-mail services at the University. Only upon approval of the President or a Vice President of the University may a general broadcast message (e-mail bulletin) be placed in the e-mail system.

Sending e-mail that is intimidating or harassing.

Using e-mail for conducting personal business.

Using e-mail for purposes of political lobbying or campaigning.

Violating copyright laws by inappropriately distributing protected works.

Posing as anyone other than oneself when sending e-mail, except when authorized to send messages for another when serving in an administrative support role.

The use of unauthorized e-mail software.

The following activities are prohibited because they impede the functioning of network communications and the efficient operations of electronic mail systems:

Sending or forwarding chain letters.

Sending unsolicited messages to large groups except as required to conduct agency business.

Sending excessively large messages.

Sending or forwarding e-mail that is likely to contain computer viruses.

All sensitive UTEP material transmitted over external network must be encrypted.

All user activity on UTEP Information Resources assets is subject to logging and review.

Quotas have been established for all users:

Students: 27MB. If amount exceeds this, a warning message is issued. At 29 MB, sending of e-mail is stopped. At 30MB, both sending and receiving are prevented. (Limits current as of November 18, 2003)

Faculty and Staff: 95MB. If amount exceeds this, a warning message is issued. At 97MB, sending of e-mail is stopped. At 100MB, both sending and receiving are prevented. (Limits current as of November 18, 2003)

NOTE: Users may contact the Helpdesk at extension 4357 for increases in quotas. Approval will be made by the appropriate vice-president.

The content, maintenance, and disposition or retention of e-mail messages is the responsibility of the person to whom the e-mail account or address is assigned. E-mail that conducts official business must be maintained for future reference in accordance with the University's records retention policies, which reflect the requirements of state law

Electronic mail users must not give the impression that they are representing, giving opinions, or otherwise making statements on behalf of UTEP or any unit of the UTEP unless appropriately authorized (explicitly or implicitly) to do so. Where appropriate, an explicit disclaimer will be included unless it is clear from the context that the author is not representing the UTEP. An example of a simple disclaimer is: "the opinions expressed are my own, and not necessarily those of my employer."

Individuals must not send, forward or receive confidential or sensitive UTEP information through non-UTEP e-mail accounts. Examples of non-UTEP e-mail accounts include, but are not limited to, Hotmail, Yahoo mail, AOL mail, and e-mail provided by other Internet Service Providers (ISP).

Individuals must not send, forward, receive or store confidential or sensitive UTEP information utilizing non-UTEP accredited mobile devices. Examples of mobile devices include, but are not limited to, Personal Data Assistants, two-way pagers and cellular telephones.

Employees must exercise utmost caution when sending any e-mail from inside UTEP to an outside network. Unless approved by the Office of Information Security, UTEP e-mail will not be automatically forwarded to an external destination. Sensitive information, as defined in the Information Sensitivity Policy, will not be forwarded via any means, unless that e-mail is critical to business and is encrypted in accordance with the Acceptable Encryption Policy.

8.0 Disciplinary Actions

Violation of this policy may result in disciplinary action that may include termination of employees or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of University of Texas at El Paso Information Resources access privileges and may face civil and criminal prosecution.

All personnel are responsible for managing their use of Information Resources and are accountable for their actions relating to Information Resources security. Personnel are also equally responsible for reporting any suspected or confirmed violations of this policy to the appropriate management.

The use of Information Resources must be for officially authorized business purposes only. There is no guarantee of personal privacy or access to tools such as, but not limited to e-mail, web browsing, and other electronic discussion tools. The use of these electronic communication tools may be monitored to fulfill complaint or investigative requirements.

Departments responsible for the custody and operation of computers shall be responsible for proper utilization of Information Resources under their control, as well as the establishment of effective use methods, and providing any required reports to management. Departments must provide adequate access controls in order to monitor systems to protect data and programs from misuse in accordance with the needs defined by owner departments. Access must be properly documented, authorized and controlled.

The user must keep any data used in an Information Resources system confidential and secure. The fact that the data may be stored electronically does not change the requirement to keep the information confidential and secure. Rather, the type of information or the information itself is the basis for determining whether the data must be kept confidential and secure. Furthermore, if this data is stored in a paper or electronic format, or if the data is copied, printed, or electronically transmitted the data must still be protected as confidential and secured appropriately.

All computer software programs, applications, source code, object code, documentation and data shall be guarded and protected as if it were state property.

All commercial software used on computer systems must be supported by a software license agreement that specifically describes the usage rights and restrictions of the product. Personnel must abide by all license agreements and must not illegally copy licensed software. The Information Resources Manager (IRM) through the Information Technology Division reserves the right to remove any unlicensed software from any computer system.

9.0 Security and Proprietary Information

The user interface for information contained on Internet/intranet/extranet-related systems should be classified as either confidential or not confidential, as defined by the Public Information Handbook, Office of the Attorney General, State of Texas. Employees should take all necessary steps to prevent unauthorized access to confidential information. Keep passwords secure and do not share accounts. Authorized users are responsible for the security of their passwords and accounts. System-level passwords should be changed every 45 days; user-level passwords should be changed every six months.

All PCs, laptops and workstations should be secured with a password-protected screensaver with the automatic activation feature set at 10 minutes or less, or by logging-off when the host is expected to be left unattended. Encrypt information in compliance with the Acceptable Encryption Use Policy. Because information contained on portable computers is especially vulnerable, the Office of Information Security encourages the use of multi-passwords if available, encryption of the hard disk contents, and physical cables or locks attached to the computer.

Postings by a UTEP employee to newsgroups should contain a disclaimer stating that the opinions expressed are strictly his own and not necessarily those of UTEP, unless posting is in the course of business duties. All hosts used by the employee that are connected to the UTEP network, whether owned by the employee or UTEP, shall be continually executing approved virus-scanning software with a current virus database unless overridden by departmental policy. Employees must use extreme caution when opening e-mail attachments received from unknown senders as they may contain viruses, e-mail bombs, or Trojan horse code.

10.0 References

Copyright Act of 1976
Foreign Corrupt Practices Act of 1977
Computer Fraud and Abuse Act of 1986
Computer Security Act of 1987
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The State of Texas Open Records Act
Texas Government Code, Section 441
Texas Administrative Code (TAC) S202
IRM Act, 2054.075(b)
The State of Texas Penal Code, Chapters 33 and 33A
DIR Practices for Protecting Information Resources Assets
DIR Standards Review and Recommendations Publications Revision History

11.0 User Acknowledgment

I acknowledge that I have received the University of Texas at El Paso Acceptable Use Policy. I have read the Policy and understand that I must comply with the Policy when accessing and using Information Resources and my failure to comply with the Policy may result in cancellation of my privilege of use, appropriate disciplinary action, and action by law enforcement authorities.

 
Signature: _______________________________

Print Name: ______________________________

Date: ____________________________________
 Print  
Links
 Print  
Untitled Document