Security Awareness

University of Massachusetts > Security Awareness > Policies & Guidelines

Summary of University Data and Computing Use Requirements

Since many users share information data and technology, and because of legal and ethical requirements, all users need to be aware of their responsibilities related to data and computing at the University of Massachusetts. Please familiarize yourself with summary information below as well as the University of Massachusetts Data and Computing Policies and Guidelines for use of information technology. Remember that observing these guidelines will help to make computing and use of the network services more pleasant for all users. Please use the University data and computing FAQ to clarify policy, guideline, and use questions.

General

The data and computing resources of the University are provided to support academic and administrative users, and the University missions of teaching, research and public service. Users should access/use University data and computing resources in a responsible and ethical manner, respecting the privacy and rights of others and for approved purposes only. Users should comply with all University data and computing policy, guidelines/standards, campus procedure, and state and federal laws.
The same standards of intellectual honesty and plagiarism apply to software and electronic data as to other forms of published work. For example, individuals should not copy another's computer file and submit it as theirs nor should they work with someone else on an assignment, sharing the computer files and then submit that file, or a modification thereof, as their own individual work.
University data and computing users should properly create, access, use and dispose of University data based on the data's classification (e.g., Confidential, Restricted, Unclassified, etc.). See University Data and Computing Standards for classification information.

All computer systems accessing University data and networks must have antiviral software installed and continuously enabled so the spread of viruses within the University computer systems is prevented. Authorized users downloading software from a network or installing software from a disk/CD-ROM, must check the software for possible virus infection before they use it.

Privacy

All students and employees may obtain an email account. Students are free to use email for personal use. Email is made available to employees for the purpose of conducting University-related business, but occasional social/personal use is allowed providing it does not interfere with an employees' job duties or University business or operations.

The University does not routinely monitor the content of computer systems/resources including files, programs and electronic communications/emails. The University considers a personal email message to be private however, the University has the authority and reserves the right to look at any documents/files including emails stored or transmitted on/across University computer systems and networks if there is cause to believe that the standards for acceptable and ethical use are being violated by a member of the University community, a trespasser is on its systems or networks, or for other legitimate administrative reasons. The University also has the responsibility and authority to monitor individual accounts if the University determines this monitoring is necessary for legitimate administrative purposes.

Please note that due to information technology, the privacy, security, and authorship of documents and messages stored in and transmitted via electronic media cannot be guaranteed. Additionally, emails can be stored, copied, printed or forwarded by recipients. As such, you should not write anything in an email that you would not feel just as comfortable putting in a memo. 

Email users must use email and any other electronic communications tool in a responsible manner consistent with other business communications (e.g., phone, correspondence, etc.). Responsible email use includes: not "rebroadcasting"/sending an email to a third party obtained from another individual that the individual reasonably expects to be confidential; not posting materials that are of a fraudulent, defamatory, harassing, or threatening nature; not sending chain emails or spamming; and not unlawfully soliciting or exchanging copies of copyrighted software via email.

Security

Be particularly careful of your password. Do not give your password to anyone or type your password when someone is watching. Do not write down your password or store it in batch files, automatic login scripts, terminal function keys, or in other locations where another person might discover them. Once someone has your password it is possible both to look in your directory and to use your username for malicious purposes.

Do not log on to a computer/network with your id/password and let another person use your access. Make sure you log off the computer while you step away from your desk for an extended period of time. Staying logged on leaves your id and the system vulnerable for misuse. You are responsible for all activities that take place from your account. All activity should be conducted in accordance with their role and responsibilities at the University. Additionally, any person attaching a wireless client to any University network (wired or wireless) is responsible for the security of the device and for any intentional or unintentional activities from or to the network pathway that the device is using.

The University takes reasonable steps to protect files stored on the university systems from unauthorized access, however, the University cannot guarantee the confidentiality of any of these files.

The University recommends the installation of personal firewalls on all University owned systems and any computer accessing University computer and network systems. The University offers inexpensive personal firewall software to all employees and students for work and personal use.

Privacy

The University systems may record information about each user session. Information recorded includes the username/operator id associated with the session, the login and logout dates and times, and the amount and kind of computer resources used during the session. This information is used for legitimate University purposes including issues of law, abuse, security or system managements.
When the University has reasonable belief that system security or system operation has been compromised or it has been used for unauthorized activities, the University has the responsibility and authority to review the contents of all computers including files, programs and emails.

Remember that any printouts in public places are likely to be seen by others.

Computer Abuses

You can expect to lose your computer account, be disconnected from the network, have your web page removed, face disciplinary action up to and including termination, possibly be charged with criminal offenses or have civil action taken for computer abuses such as:

• Unauthorized access of another person's computer or email account
• Unauthorized access of University data or systems
• Misrepresenting either the University or your role at the University to obtain access to data or computer systems
• Attempting to intercept any network communication for purposed including but not limited to: reading message/file content; rerouting packets; or packet sniffing
• Using computing resources to access any other computer system (on or off-campus) without authorization
• Disseminating any confidential information unless such dissemination is required by the individual's job at the University
• Deleting or copying files from another person's computer account
• Taking advantage of another user's naive to gain access to his/her files
• Preventing someone from using his/her account by changing the password or other tampering
• Sending offensive, harassing or threatening messages or repeated unsolicited mail
• Abusing the networks to which the University belongs
• Use of the computer or network for monetary gain, political purposes or illegal activities
• Illegal use of downloaded copyrighted materials including print, audio, and video
• Intentionally writing, producing, generating, copying, propagating or attempting to introduce any computer code designed to self-replicate, damage, or otherwise hinder the performance of any computer's memory, file system, or software unless such action is part of authorized research or testing. Such software is often referred to as a virus, worm, Trojan Horse, or some similar name
• Illegally distributing copyrighted software within or outside the University through any mechanism, electronic or otherwise
• Using University data or computing resources/systems to violate state or federal laws/regulations
• Performing or assisting in the performance of any act that will interfere with the normal operation of computer, terminals, peripherals, networks, or in any activity that interferes with the rights of others such as writing/releasing viruses

Reports of abuse to your account can be made by contacting your system administrator. Please also note that your campus may have additional acceptable use requirements. Contact your system administrator for more information.

The PDF files on this page require the free Adobe Acrobat Reader.