Security Awareness

University of Massachusetts > Security Awareness Policy FAQ > Security Awareness Policy FAQ

Policy

• What University polices/guidelines should I be aware of?
• Where can I find the University's data and computing policies and guidelines?
• How do University data and computing policies and guidelines get created?
• What happens if I don't follow University Data and Computing Policies and Guidelines?
• Does the University examine computer files?
• Do University Data and Computing Guidelines apply to me if I am using my computer from home or from a dorm room?
• Can I use the University logo/trademark on unofficial web pages?
• Where do I report violations of the University Data and Computing guidelines?
• What are some examples of computer abuse of University computing resources?
• Do University computer systems record information about user sessions?

Policy

What University polices/guidelines should I be aware of?

You should be aware of and comply with all University Data and Computing Guidelines. Detailed Guidelines can be found at UMass Data and Computing Policies.

Date Revised : 2006-03-02

Back to top

Where can I find the University's data and computing policies and guidelines?

University Data and Computing Policies and Guidelines can be viewed at: UMass Data and Computing Policies.

Date Revised : 2006-03-22

Back to top

How do University data and computing policies and guidelines get created?

Draft policies and guidelines developed by the University's Policy Subcommittee which reports to the Information Technology Council (i.e., ITC), a group of upper management responsible for information technology direction at the University. The draft policies and guidelines are distributed to the ITC, the University's General Counsel Office and Campuses for comment. Comments are reviewed, drafts updated as needed and the final guidelines are submitted to the ITC for approval. Once policies are approved by the ITC they are submitted to the University's Board of Trustees for final approval. Once guidelines are approved, the University Chief Information Officer distributes them to the Chancellors indicating when the guidelines become effective and that campuses need to develop, implement and disseminate procedures which comply with the specific guidelines. The above noted Policies and Guidelines have been approved and can be viewed at: UMass Data and Computing Policies.

Date Revised : 2006-03-22

Back to top

What happens if I don't follow University Data and Computing Policies and Guidelines?

University Data and Computing Policies and Guidelines contain compliance statements that specify the University's response to someone not following the policy/guideline.  You can expect to lose your computer account; be disconnected from the network; be denied or given limited (i.e., to allow for the performance of required academic or employment related tasks) access to University data, applications and/or computer systems; and/or be subject to reprimand, suspension, dismissal/termination, or other disciplinary action.  Additionally, these individuals may be charged with criminal offenses or have civil action taken for computer abuses.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

Back to top

Does the University examine computer files?

The University does not routinely monitor the content of computer systems/resources including files, programs and electronic communications/emails. The University has the responsibility and authority to access, review and release University data, electronic information that is transmitted over or stored in University systems or facilities, and to monitor individual accounts to the extent the University determines to be reasonably necessary for legitimate administrative purposes, including but not limited to a determination by appropriate University officials that there is a reasonable basis to believe that such action:

1. Is necessary to comply with legal requirements or process, including but not limited to subpoenas, writs or warrants;
2. May yield information of use in the investigation of a suspected violation of law or of University policies, procedures and codes of conduct; or when a system security or system operation has been compromised or used for unauthorized activities;
3. Is needed to maintain or protect the integrity or operations of University computing systems;
4. May yield information needed to deal with an emergency; or
5. In the case of University employees and officials, may yield information that is needed for the ordinary business of the University.

Additionally, the University has the responsibility and authority to scan computers attached to the University's wired and wireless networks to ensure appropriate security, and support network operations and performance. The University does not routinely examine files of authorized user accounts however, to protect the integrity of the computer systems and to protect legitimate users from the effects of unauthorized or improper use of the University's computing facilities, system, network or security administrators may inspect, copy, remove or otherwise alter any data, file or resource that may undermine the proper use of the computer system. Such action will be based on reasonable suspicion, authorized by the system, network or security administrator's supervisor and may be taken with or without notice to the user. Additionally, computer center personnel may access others' files when necessary for the maintenance of the computer system. When performing maintenance, every effort is made to insure the privacy and confidentiality of authorized user files.


Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)
Date Revised : 06-03-22

Back to top

Do University Data and Computing Guidelines apply to me if I am using my computer from home or from a dorm room?

Yes if you are dialing in to a University network. University Data and Computing Guidelines apply to all computer systems owned, leased or maintained by the University. This includes: mainframe, mini and microcomputers/PCs; servers; networks (regardless of type - LAN, WAN, etc.); routers; bridges; hubs; and various peripheral equipment including but not limited to printers and modems.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

Back to top

Can I use the University logo/trademark on unofficial web pages?

Restrictions and allowances for the use of the University logo/trademark are detailed in the Trademark and Licensing Policy for the University of Massachusetts System.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2004-02-24

Back to top

Where do I report violations of the University Data and Computing guidelines?

You can either report a violation by sending an email to securitytraining@umassp.edu or you can contact your campus IT department.

Date Revised : 2004-03-24

Back to top

What are some examples of computer abuse of University computing resources?

Abuse of Computing Resources (PDF)

Back to top

Do University computer systems record information about user sessions?

University computer systems/resources may record information about each user session. Information recorded includes the username/operator id associated with the session, the login and logout dates and times, and the amount and kind of computer resources used during the session. This information is used for legitimate University purposes including issues of law, abuse, security or system managements.

Policy Referenced : Responsible/Acceptable use of Computing and Data Resources (PDF)

Date Revised : 2006-03-22

Back to top