Docstoc

IT Security Policy

Document Sample
IT Security Policy Powered By Docstoc
					                                     IT Security Policy:
                                Quickstart Guide for All Users
                                               Version 1 - 3rd January, 2001


Table of Contents

1.    Background
2.    Quick Guide
3.    Warnings
     3.1. Gross Misconduct
     3.2. Offences in Law
4.    Monitoring


1.       Background
         The University IT Security Policy is of necessity a complex document covering many aspects of security,
         conditions of use, and operating guidelines. The full University IT Security Policy consists of seven documents
         and can be found on our web site at: http://www.rgu.ac.uk/its and can be found under the index subheading
         Policies.

     1.1. "IT Security Policy"
     1.2. "Standards and Guidelines for All Users of University Computing and Network
          Facilities".
     1.3. "Standards and Guidelines for Strategic Systems."
     1.4. "Standards and Guidelines for School-Based Systems."
     1.5. "Standards and Guidelines for Desktop Computers."
     1.6. A copy of the JANET Acceptable Use Policy.
              This short "Quick Start" guide for all users to conditions of use.

              All users should take the trouble to read, in particular, the full text of "Standards and Guidelines for All
              Users of University Computing and Network Facilities".

              All users are also asked specifically to read and comply with the two very short sections which cover
              virus protection and the sharing of passwords and login identities.

              For normal, decent minded, people, our conditions of use do not present any onerous burden. But we
              have to be specific on certain activities which are regarded as unacceptable. These are broadly
              summarised below, and referred to in full in the rest of the Security Policy.

2.       Quick Guide
         The following is a commonsense guide provided as a quick introduction on the key features of our conditions
         of use. It in no way supersedes or replaces the full text of our security policy and is here as a guide only:

           University computing facilities are an expensive resource – please treat them accordingly.
           The facilities are provided for use in teaching, learning, research and administration. Do not use them for
            anything else other than very incidental personal use.
           Do not use computing facilities for personal commercial use.
           Do not use computing facilities for downloading, storing, viewing or transmitting any material which is (or
            may be considered to be) defamatory, inflammatory, discriminatory, obscene or any other offensive
            material.
           Do not breach intellectual property rights of the University or third parties by copying material or software
            without authorisation.
           Do not attempt to gain unauthorised access to any part of the computing facilities.
           Do not share your password or logon identity with anyone else.
           Do not misrepresent the University or bring it into disrepute in any way through the use of computing
            facilities, and in particular communication facilities.
           Do not willfully or recklessly damage our computing facilities, waste or misuse the resources they offer or
            waste the time of staff who support them.
           Be polite and courteous to others when using our computing facilities and in particular the communication
            mechanisms they offer (e.g. e-mail).

3.       Warnings
     3.1 Gross Misconduct

     Certain activities, which are fully described in the full policy, will be regarded as Gross Misconduct by
     the University, and are subject to severe penalties for both staff and students, including (for staff)
     dismissal or (for students) expulsion:

     These include but are not limited to:

           Damage, or interruption to the use of computing facilities.
           Gaining or attempting to gain unauthorised access to any part of the computing facilities or information
            stored therein.
           Willful or reckless infringement of any intellectual property rights of the University or third parties.
           Viewing, transmission or storage of any material which is (or may be considered to be) defamatory,
            inflammatory, discriminatory, obscene or any other offensive material.
           Harassment, abuse or other offensive personal or collective communication.
            For a more complete description of matters that may be regarded as gross misconduct you should refer to
            page 4 of this policy and the University's disciplinary codes for staff and students respectively.

     3.2. Offences in Law
              Certain activities, which are also referred to in the full policy, may constitute an offence in Law.
              There are specific offences stated under the Computer Misuse Act, the Data Protection Act, and other
              acts governing the possession of extremely offensive or certain types of pornographic material.

              Some of these offences are punishable by imprisonment and/or fines.

              Users should be aware that if they commit an offence in law in the course of using the University
              Computing Facilities, they may be liable to severe criminal penalties over and above any disciplinary
              action taken by the University.

              Breach of the policy may involve you in personal civil liability either to the University or a third
              party.

4.       Monitoring
         The University, through authorised individuals, reserves the right to periodically check and monitor the
         computing and networking facilities, including emails transmitted and received and access to the Internet, and
         reserves any other rights necessary to protect them. Users should not send or allow to be sent to them private
         emails which they wish to remain private, and should understand that emails, messages and other
         electronically stored information may be viewed by others during periods of absence.

				
DOCUMENT INFO
Shared By:
Stats:
views:330
posted:2/19/2010
language:English
pages:2
Description: IT Security Policy