IT Security Awareness User Acknowledgement Agreement

Users shall access or otherwise utilize University information and IT resources only for those activities they are specifically authorized for business purposes, purpose of supporting the University’s mission, and in a manner consistent with University policies, federal, and state laws, and other applicable requirements.

Users shall respect the privacy of others when handling personal information and shall take appropriate precautions to protect that information from unauthorized disclosure or use.

 

 

Data will be accessed on a need to know basis and/or least privileges. Users should save all critical data to the network servers to ensure backup of the data. All data will be backed up for disaster recovery purposes.

All electronic records will be maintained in accordance with the University’s Electronics Records Retention Policy and the Records Retention and Disposition Schedule (General Schedule No. 110 Electronic Records).

 

 

All computers connecting to the VSU network including Virtual Private Network (VPN), must run current and authorized virus prevention software and be updated with the latest software security patches. Virus protection software should not be disabled or bypassed except as required by the temporary installation of software or other special circumstances. Computers that are infected with a virus or other malicious code will be disconnected from the VSU

network until deemed safe by the Office of Information Technology (OIT).

 

 

Sensitive or confidential information shall not be stored on workstations and mobile computing devices (laptops, flash drives, backup disks, etc.) unless specifically justified for business purposes and appropriately secured. If sensitive or confidential information is stored on a workstation or mobile computing device or transmitted to an external network or organization, users shall encrypt or adequately protect that information from disclosure. In addition to encryption, other protections may include the use of passwords, automatic logoffs, and secure Internet transmissions. Sensitive or confidential information also should not be knowingly transmitted via wireless to or from a portable computing device unless approved wireless transmission protocols and security techniques are utilized.

 

The use of software is covered by the copyright law and software licensing agreements. In relation to the use of software, it is illegal to do any of the Software following:

 

• Obtain authorization from the Information Security Officer (ISO) prior to installing software to University computer systems.

 

 

• Copy software or its accompanying documentation, including programs, applications, data, codes and manuals, without permission or license from the copyright owner.

 

• Use a single user license copy to install a program on multiple computers.

 

• Take advantage of software upgrade offers without having a legal copy of the software to be upgraded.

 

• Acquire academic software and use it for commercial use.

 

• Authorize, encourage, allow, compel, or pressure users of the University’s IT computers to make or distribute illegal software copies.

 

 

Users must use the Internet facilities in ways that do not disable, impair, or overload performance of any other computer system or network, or circumvent any system intended to protect the privacy or security of another user. Users must use encrypt and secure sensitive data transmitting over the Internet.

 

 

All mobile computing (i.e. laptops, tablets, Personal Digital Assistants (PDAs), USB flash drives, and handheld devices) should be properly physically secured, locked to prevent devices from theft, and must be password protected using strong authentication methods.

 

 

Users are responsible for helping to maintain the security of workstations and other computing devices by striving to protect them from unauthorized access and malicious software infections (e.g. viruses, worms, and spyware). All PC’s, laptops, personal digital assistants (PDA), and computer workstations should be secured with a password-protected screensaver with the automatic activation feature set to 10 minutes or less to prevent unauthorized access to the device.

 

 

Users are responsible for protecting their passwords. Passwords are not to be shared, copied, overheard, or easily-guessed. Users should take precautions and practice secure password management. Users should not tamper with the baseline security configuration on their workstations and or on workstations in the Academic Computing laboratories. Users shall consult the Office of Information Technology (OIT) or Help Desk for guidance on protecting their computing devices.

 

 

Passwords, identification cards, and other access devices are used to authenticate the identity of individuals and gain access to University resources. Each user is responsible for protecting the access devices assigned to her or him and shall not share the devices with others. If an access device is compromised, lost, or stolen, the individual shall report this to the Office of Information Technology (OIT) or Help Desk (1-800-630-8917) as soon as possible so that the access device is not used by an unauthorized person.

 

 

Desk computers should be locked when not occupied by users to reduce the occurrence of unauthorized entry or access. Password protected screensavers should be enable for inactivity. Desktops computers in public access areas should be properly secured to counter tops or pieces of furniture using security/theft inhibiting devices.

 

 

Users shall report security related events; known or suspected violations of Information Technology Security Policy; and inappropriate, unethical, and illegal activities involving University IT resources. Users shall call the OIT Help Desk (1-800-630-8917) for incident reporting.