Networking Resources: Use Of Computing Resources
This is LSU's General Policy for Computer Users' Responsibilities.
GENERAL POLICY
Use of the University’s computing resources and network capacity is a privilege, not a right. LSU may limit access to and/or review and monitor its computing resources and the use of computing resources, without notice to or authorization from the user(s), for any reason including user(s) failure to comply with applicable laws and/or University policies and directives. LSU may disclose information pertaining to the use of its computing resources to University administration, law enforcement, investigating authorities, and others as LSU deems appropriate. By law, the University must preserve the confidentiality of certain data and information it maintains about individuals attending or working at the University. However, users should not have any expectation of privacy regarding their use of computing resources or information or data stored on the University’s computing resources, and the University specifically reserves the right, in the course of technical, civil, or criminal investigations to review and copy any data or other information stored on any computing resources, without notice to or consent from any user, by use of forensic techniques or otherwise. To facilitate the security of data and computing resources and compliance with this Policy Statement, the University may monitor all usage of the Internet on or through computing resources and all other use of the University’s computing resources, including, without limitation, reviewing a list of any and all Internet sites accessed by any user and all e-mails transmitted and/or received on any computing resources. University students, employees, contractors, and vendors are subject to legal and/or disciplinary action as a result of any use of computing resources that is illegal, unauthorized, or in violation of this or any other University policy or directive up to, and including, termination or expulsion.
I. Appropriate Use
Each user is responsible for adhering to the highest standards of ethical, responsible, and considerate use of computing resources, and for avoiding those uses prohibited by law or by policies or directives of the University. Under no circumstances can University computing resources be used for illegal or unauthorized purposes.
Specifically, each user of computing resources shall:
• Use computing resources only for authorized purposes in accordance with LSU’s policies and procedures, with federal, state, and local laws, and with regulations by authorities governing the use of data, computing resources, software, e-mail, and/or similar technology.
• Secure and maintain computer accounts, passwords, and other types of authorization in confidence, and inform ITS immediately if a known or suspected security breach occurs.
• Maintain confidential and other protected or proprietary data and information, particularly that prescribed by law and University policy, in accordance with appropriate security measures.
• Be considerate in the use of shared computing resources and network capacity, coordinating with ITS for “heavy use” operations that may slow operations for other users.
• Accept full responsibility for any publication resulting from the use of computing resources and/or publishing Web-pages and similar resources, and ensure that all copyrights and trademarks have been authorized for use.
II. Misuse or Abuse
Appropriate University administrative offices may establish and maintain procedures necessary to investigate, receive, and resolve allegations of apparent abuse or misuse of University computing resources. These offices include but are not limited to the Office of the Dean of Students, Human Resource Management, Information Technology Services, University Registrar, Internal Audit, and LSU Police.
Specifically, each user of computing resources shall NOT:
• Obtain or use another’s log on ID or password, or otherwise access data or computing resources to which authorization has not been expressly and validly given. Users shall not use another’s log on identification or password to hide their identity or attribute their use of data or computing resources to another.
• Copy, install, or use any software, data, files, or other technology that violates a copyright or license agreement. In particular, each user should not distribute or download copies of copyrighted material for entertainment or personal use without explicit permission from the copyright owner.
NOTE: Copyright law applies to materials such as games, movies, music, or software in both analog and digital format. User(s) shall not download an illegally distributed file
to a computing resource. Copyright holders regularly notify Louisiana State University of infringing activity using the procedures outlined in the Digital Millennium Copyright Act
of 1998 (DMCA) and other legal procedures. As a service provider, Louisiana State University must investigate complaints and take action to remove unlawful material. The
law provides means for a copyright owner to obtain the identity of a subscriber. If you illegally possess or share copyrighted materials, you may be denied access to
Louisiana State University’s computing resources, be subject to disciplinary actions via the Office of the Dean of Students and/or Human Resource Management, and possibly face civil and/or criminal legal proceedings and sanctions. Please see http://www.copyright.gov/legislation/dmca.pdf for more information.
• Utilize computing resources to create, transmit, or otherwise participate in any pranks, chain letters, false or deceptive information, misguided warnings, pyramid schemes, or any fraudulent or unlawful purposes.
• Utilize computing resources, including the Internet and/or e-mail, to access, create, transmit, print, or download material that is defamatory, obscene, fraudulent, harassing (including uninvited amorous or sexual messages), threatening, incites violence, or contains slurs, epithets, or anything that may be reasonably construed as harassment or disparagement based on race, color, national origin, sex, sexual orientation, age, disability, or religion or to access, send, receive, or solicit sexually oriented messages or images or any other communication prohibited by law or other University directive.
• Intentionally or knowingly copy, download, install, or distribute a computer virus, worm, “Trojan Horse” program, or other destructive programs, or otherwise harm systems or engage in any activity that could reasonably disrupt services, damage files, cause loss of data, or make unauthorized modifications.
• Monopolize or disproportionately use shared computing resources, overload systems or networks with endless loops, interfere with others’ authorized use, degrade services, or otherwise waste computer time, connection time, disk space, or similar resources.
• Add, modify, reconfigure, or extend any component of the University network (e.g. hubs, routers, switches, wireless access points, firewalls, etc.) without express, written
authorization from ITS.
• Accept payments, discounts, free merchandise, or services in exchange for any services provided through the use of the computing resources, unless expressly authorized in writing by the Office of the Vice-Chancellor of Finance and Administrative Services.
• Endanger the security of any data or computing resources or attempt to circumvent any established security measures, for any reason, such as using a computer program to attempt password decoding. Users must not acquire, store, or transmit any hardware or software tools that are designed to compromise the security of computing resources without the express written authorization of ITS.
• Send unsolicited mass mailings or “spamming. ” Mass mailings should only be sent to clearly identified groups for official purposes, and may not be sent without proper
authorization and coordination (for example, disseminating administrative announcements, notifying students of educational opportunities, or University organizations sending announcements to their members).
• Utilize computing resources to develop, perform, and/or perpetuate any unlawful act or to improperly disclose confidential information including, but not limited to, IP spoofing, packet capturing and port scanning.
• Install, store, or download software from the Internet or e-mail to University computing resources unless such conduct is consistent with the University’s educational and
academic policies or otherwise approved by ITS, in writing.
• Copy, impair, or remove any software located on any computing resources or install any software on any computing resources that impairs the function, operation, and/or
efficiency of any computing resources.
• Utilize or access computing resources or data anonymously or with shared user identifications.
• Engage in any acts or omissions to intentionally or unreasonably endanger or damage any data or the security or integrity of any data or computing resources.
• Allow or assist others to utilize computing resources in a manner that is in violation of this Policy Statement.
• Access, add, or modify any data without proper authorization.
• Utilize computing resources or data in furtherance of, or in association with, any crime or violation of the Code of Student Conduct or other University policy or directive.
• Utilize University computing resources to promote, solicit, support or engage in any commercial activities on behalf of or for the benefit of any person or entity other than the
University
III. Eligibility
In general, access to computing resources is provided to the following groups:
• Active faculty, staff, and students in support of University operations and initiatives. The eligibility of these individuals to access computing resources may be tested automatically and periodically against University records. Other sources may be used where these databases do not accurately reflect an ongoing affiliation.
• Persons not affiliated with LSU engaged in research or support of University operations or University supported initiatives. The eligibility of these individuals to access computing resources and/or data requires initial and periodic verification of need by a Dean, Department Head, or Director. Requests must be accompanied by the reason for the access, the name and contact information of the sponsoring Dean, Department Head, or Director, and the length of time for which the access will be required.
• Access to computing resources by retired faculty and staff is a recognized benefit to the University community as long as providing these resources is economical and does not adversely affect the operations of the University. This statement applies primarily to electronic mail and general purpose academic or research systems. In the event that resources become constrained, this practice may be eliminated or restricted. However, the University, in its sole discretion, at any time may limit, withdraw, or deny access to retired faculty and staff.
NOTE: Colleges, departments, and other administrative units may issue local technology policies and procedures that support their organizational missions and requirements. Such policies may be more restrictive than University policy, but CAN NOT be more permissive. All local technology policies and procedures should be sent to the IT Security & Policy Officer in the Office of the Chief Information Officer (OCIO) for review.
PROCEDURES
I. Appropriate Use
Consultation: The IT Security & Policy Officer in the Office of the Chief Information Officer (OCIO) at Louisiana State University is available to provide advice and consultation related to technology use, including the use of computing resources.
II. Misuse or Abuse
Reporting: Security breaches and apparent or suspected misuse or abuse of LSU computing resources should be immediately reported to the Office of the Chief Information Officer. The IT Security & Policy Officer represents the Office of the Chief Information Officer with respect to these issues. Where violations of the policies and procedures governing computing resources and/or of law are alleged, appropriate law enforcement and/or University administrative offices may be contacted.
Technical Investigation: When technical investigation or computer forensics is required, the IT Security & Policy Officer will coordinate the gathering and interpretation of relevant information. All investigations will proceed in accordance with applicable University practices, policies, procedures, and in compliance with applicable laws protecting the privacy of any education or other personally-identifiable records or data involved in the incident.
Sanctions: Violations may result in sanctions, such as terminating access to computing resources, disciplinary action, civil liability, and/or criminal sanctions. All users are specifically prohibited from taking any steps that block the University’s access to files and data, other than the use of University passwords or approved encryption programs, unless such conduct is consistent with the University’s educational and academic policies or otherwise properly approved by the University. The University may temporarily suspend or block access to any account, data, or computing resources prior to the initiation or completion of such procedures when it is reasonable to do so in order to protect data or the integrity, security, and functionality of computing resources, or to otherwise protect the University or its students and employees.
III. Eligibility
Requests for access to ITS managed computing and networking resources should be directed to the ITS Help Desk. The IT Security & Policy Officer in the Office of the Chief Information Officer at Louisiana State University is also available to provide advice and policy interpretation to any member of the LSU community in these situations.
Requests for access to computing resources not managed by ITS should be directed to the administration office where the service is located. Additionally, requests for use of other technology services (i.e., computers and copy machines) within a specific departmental area should be directed to the Dean, Department Head, or Director of the department in which the service is located.
• Faculty and staff may access and use LSU computing resources until the termination of their affiliation with the University. Renewal is automatic and is based on University
records. User(s) whose status as a student or employee has been terminated by the University are no longer authorized to utilize computing resources, even if their access
has not been blocked by technology services.
• Retired faculty and staff may be provided access and use LSU computing resources, in the sole discretion of the University, as long as there are resources available to support their continued use. However, the University may limit, withdraw, or deny access to retired members of its faculty and staff in its sole discretion. Renewal is automatic and is based on continued active account use and University records. If a resource supporting "active" users becomes constrained and the number of accounts belonging to retired members must be reduced, account use and longevity will be used as the criteria for removing accounts as necessary to recover appropriate resources.
• Students may access and use LSU computing resources until they graduate or are not enrolled for two consecutive semesters (not including Summer). A student's account will be disabled after one inactive semester, and archived after the last enrollment period of the second semester for which the student is not enrolled. Enrollment is determined using University records.
• The University, in its sole discretion, may provide limited access to computing resources for specialized purposes, such as conference attendees, external entities under contract to Louisiana State University, or visitors. A sponsor must be identified on any computer account provided for this purpose, and the sponsor must be a Dean, Department Head, or Director.
• Alumni of Louisiana State University are NOT eligible to use computing resources unless eligible under another category.
• Usernames MAY BE RE-USED after the accounts remain inactive for two years. User(s) have no expectation of privacy or property right or interest in any user name assigned or approved by the University or in their continued use of or access to computing resources. Questions or comments regarding this policy statement should be submitted, in writing, to the Office of the Chief Information Officer.
Reference PS-121