IT Security Policy: Quickstart Guide for All Users Version 1 - 3rd January, 2001 Table of Contents 1. Background 2. Quick Guide 3. Warnings 3.1. Gross Misconduct 3.2. Offences in Law 4. Monitoring 1. Background The University IT Security Policy is of necessity a complex document covering many aspects of security, conditions of use, and operating guidelines. The full University IT Security Policy consists of seven documents and can be found on our web site at: http://www.rgu.ac.uk/its and can be found under the index subheading Policies. 1.1. "IT Security Policy" 1.2. "Standards and Guidelines for All Users of University Computing and Network Facilities". 1.3. "Standards and Guidelines for Strategic Systems." 1.4. "Standards and Guidelines for School-Based Systems." 1.5. "Standards and Guidelines for Desktop Computers." 1.6. A copy of the JANET Acceptable Use Policy. This short "Quick Start" guide for all users to conditions of use. All users should take the trouble to read, in particular, the full text of "Standards and Guidelines for All Users of University Computing and Network Facilities". All users are also asked specifically to read and comply with the two very short sections which cover virus protection and the sharing of passwords and login identities. For normal, decent minded, people, our conditions of use do not present any onerous burden. But we have to be specific on certain activities which are regarded as unacceptable. These are broadly summarised below, and referred to in full in the rest of the Security Policy. 2. Quick Guide The following is a commonsense guide provided as a quick introduction on the key features of our conditions of use. It in no way supersedes or replaces the full text of our security policy and is here as a guide only: University computing facilities are an expensive resource – please treat them accordingly. The facilities are provided for use in teaching, learning, research and administration. Do not use them for anything else other than very incidental personal use. Do not use computing facilities for personal commercial use. Do not use computing facilities for downloading, storing, viewing or transmitting any material which is (or may be considered to be) defamatory, inflammatory, discriminatory, obscene or any other offensive material. Do not breach intellectual property rights of the University or third parties by copying material or software without authorisation. Do not attempt to gain unauthorised access to any part of the computing facilities. Do not share your password or logon identity with anyone else. Do not misrepresent the University or bring it into disrepute in any way through the use of computing facilities, and in particular communication facilities. Do not willfully or recklessly damage our computing facilities, waste or misuse the resources they offer or waste the time of staff who support them. Be polite and courteous to others when using our computing facilities and in particular the communication mechanisms they offer (e.g. e-mail). 3. Warnings 3.1 Gross Misconduct Certain activities, which are fully described in the full policy, will be regarded as Gross Misconduct by the University, and are subject to severe penalties for both staff and students, including (for staff) dismissal or (for students) expulsion: These include but are not limited to: Damage, or interruption to the use of computing facilities. Gaining or attempting to gain unauthorised access to any part of the computing facilities or information stored therein. Willful or reckless infringement of any intellectual property rights of the University or third parties. Viewing, transmission or storage of any material which is (or may be considered to be) defamatory, inflammatory, discriminatory, obscene or any other offensive material. Harassment, abuse or other offensive personal or collective communication. For a more complete description of matters that may be regarded as gross misconduct you should refer to page 4 of this policy and the University's disciplinary codes for staff and students respectively. 3.2. Offences in Law Certain activities, which are also referred to in the full policy, may constitute an offence in Law. There are specific offences stated under the Computer Misuse Act, the Data Protection Act, and other acts governing the possession of extremely offensive or certain types of pornographic material. Some of these offences are punishable by imprisonment and/or fines. Users should be aware that if they commit an offence in law in the course of using the University Computing Facilities, they may be liable to severe criminal penalties over and above any disciplinary action taken by the University. Breach of the policy may involve you in personal civil liability either to the University or a third party. 4. Monitoring The University, through authorised individuals, reserves the right to periodically check and monitor the computing and networking facilities, including emails transmitted and received and access to the Internet, and reserves any other rights necessary to protect them. Users should not send or allow to be sent to them private emails which they wish to remain private, and should understand that emails, messages and other electronically stored information may be viewed by others during periods of absence.