Information Technology Access and Security Policy

As a new student, please review the contents below, then please please print, sign and return the Account Agreement Form found here.

Stevenson University’s information resources, including its computer facilities, systems, and data or information, are maintained by the University as an educational and research facility for its faculty, staff, and students. Access to information resources and the information technology environment is a privilege and must be treated as such by all users of the University’s computing and network resources. The University reserves the right to extend, limit, restrict, or deny computing privileges and access to its information resources.

All users of the information resources must respect the rights of other users, the integrity of physical facilities and controls, and pertinent license and contractual agreements regarding the information, system and/or software. Users must remember that data and information is vulnerable to the undesirable influence of unauthorized modification, disclosure, and destruction, either deliberately or accidentally. Therefore, users must guard against abuses that threaten or disrupt the viability of the University’s system.

Any user of the University’s computerized resources who, without authorization, distributes, accesses, uses, destroys, alters, dismantles, disfigures or disables University information resources is a threat to the secure environment of the University community. These actions, amounting to computer crimes, constitute unethical and unacceptable conduct which the University will not tolerate. Violations or noncompliance with this Policy, including unauthorized access to the University’s system, will result in the revocation of the privilege to access information resources at the University and may also be subject to appropriate discipline, including expulsion or termination of the offender from the University. Additionally, such violations may constitute a criminal offense, punishable under the Federal Computer Fraud and Abuse Act of 1986, which includes sanctions of monetary fines and/or imprisonment.

In order to protect the rights and recognize the responsibilities of the individual and the institution, the University sets forth this Information Technologies Access and Security Policy. The intent of this policy is to ensure the confidentiality, availability, and integrity of University data; to reduce the risk of data loss by accidental or intentional modification, disclosure or destruction; to prevent the unauthorized use of information for commercial gain or malicious purposes; to ensure the availability and proper operation of the University’s computer system for all authorized users; and to set forth the University’s rights and remedies in the event of such occurrences. Each individual in the University community is responsible for understanding this policy and complying with its terms.

STEVENSON UNIVERSITY – AGREEMENT FOR USE OF COMPUTING FACILITIES

I hereby acknowledge that permission is granted to me by Stevenson University for academic, non-commercial use of the computing and communications facilities and services of the University’s Computer Center and in consideration for such access, after reading this Agreement for Use of Computing Facilities, my signature acknowledges that I understand the Agreement and agree to be bound by it and to perform the responsibilities set forth below.

1. ACCESS

Only the University’s full-time or part-time faculty, staff and students will be permitted to have access to the University’s computer systems and for only such time as such status is maintained as employees or students.

2. RESPONSIBILITIES FOR INFORMATION TECHNOLOGY SECURITY

As a user of the University’s computer systems, I am personally responsible for my actions on the system or those actions done under my password on the system. Therefore, I must protect that information as I would any valuable asset. It is the responsibility of all members of the University community to protect the University’s information assets.

As a user of the University’s information resources, I am responsible for adhering to all state and federal laws and University policies, standards, and procedures for maintaining and securing information resources and data, including the following:

  1. Maintaining data confidentiality;
  2. Maintaining the confidentiality of data security controls and passwords. I am aware that passwords verify my identification and are the cornerstone to the system’s security. I WILL NOT DISCLOSE MY PASSWORD TO ANYONE either by telling others or allowing others to oversee me enter it into the University’s system; I WILL NOT ALLOW ANYONE TO USE MY LOGIN AND PASSWORD AND I WILL ONLY USE MY TRUE NAME AND IDENTITY IN ALL E-MAIL AND INTERNET COMMUNICATIONS. I AM RESPONSIBLE FOR ALL ACTIONS TAKEN USING MY LOGIN.
  3. Reporting to Computer Services any circumstances that seem unusual or irregular about the system. I will report such things as unexplainable system activity that I did not perform, questionable data, or unexpected or incorrect processing results;
  4. Executing a confidentiality or ownership agreement, if requested by the University;
  5. Accessing and using only that information which is authorized by Computer Services;
  6. Insuring that my use of the computing facility does not interfere with other users or with proper functioning of the system;
  7. Protecting against viruses by allowing the computer to run a virus check at least once a day and not using unauthorized software;
  8. Protecting my equipment. Keeping it away from food and drink;
  9. Using only those computers for which I am authorized;
  10. Not encroaching on or disturbing another’s use of the computer equipment via excessive message sending or printing;
  11. Not playing any unauthorized games on the University’s computers;
  12. Not attempting to access restricted portions of operating systems on software;
  13. Not attempting to discover or exploit security weaknesses of any computer, telephone or network system. Not possessing tools (software or hardware) for such purposes while on campus and/or using such tools while on campus.
  14. Displaying my current valid student I.D. card on the top of my computer terminal at all times while working on the University’s computers and while using the information system.

3.0 ILLEGAL USE OR COMPUTER ABUSE

Listed below are some examples of activities which are harmful to other users and amount to computer abuse or illegal use of the University’s information resources. I agree that such behaviors are not permitted and acknowledge that the University will not tolerate them.

  1. Unauthorized use of a password, including using or changing another person’s password without authorization;
  2. Unauthorized use of University information for financial gain including using University passwords to perform computing services for commercial or other organizations outside of the University. Such prohibited services include development of programs for commercial users, data processing, computations, preparation of advertising material, etc.
  3. Acts that compromise information resources security. The disclosure of secret or confidential information obtained from the University’s system, including sharing of passwords and leaving a terminal unattended while logged on which allow unauthorized transactions. Unauthorized accessing or reading of files, data information, programs or display screens;
  4. Unauthorized use of University information for malicious purposes. The intentional unauthorized access, use, destruction, alteration, dismantling, disfiguring, or disabling of any University information resource, including the intentional introduction of a computer virus. Possessing in a file, or using programs capable of fraudulently simulating system responses; modification of or possession of systems control information, especially that which reflects program state, status or accounting. Attempting to modify or crash the system, including intentional corruption or misuse of information resources. Frivolous, disturbing, or otherwise inconsiderate conduct in the terminal areas, as well as wasteful use of the facilities for making signs, posters, calendars, etc., on the printers;
  5. Computer assisted plagiarism, including copying another student’s assignment from a computer file and submitting it as the user’s own work product, using another’s work as a model for the user’s own without acknowledgment, knowingly permitting another to copy or use files and submit the work (or slightly modified work) as the user’s own work.
  6. Use of information resources for illegal, inappropriate, or obscene purposes, or in support of such actions, including the use of terminals for sending nuisance or obscene messages. Sending fraudulent computer mail, breaking in to another user’s electronic mail box, or reading another’s electronic mail without prior permission. Sending any fraudulent electronic transmission including requests for confidential information or purchase requisitions;
  7. Violation of any software license agreement or copyright, including copying or redistributing copyrighted computer software or data reports from the local or network drives without authorization. Violation of property rights of copyright holders who are in possession of computer generated data, reports, and/or software. Unauthorized copying, storage, and/or use of any software on any University computer in violation of the software licensing agreement. Unauthorized personal use of any software which has been purchased by, or developed for the University, and considered intellectual property of the University, regardless of the form or format of the software (or copies), and including source code;
  8. Modification of or attempting to modify or remove computer equipment, software, or peripherals without authorization;
  9. Installing or loading software to the local or network drives on the University’s personal computers; and
  10. Vandalizing computer facilities, equipment, software or files.

4.0 PENALTIES

The Director of Computer Services, the President and/or Dean of the University, may take any of the actions listed below against users suspected of or who do not comply with or violate this policy pursuant to all rules and regulations of the University, the State of Maryland and/or Federal law.

When investigating suspected misuse of the University’s information resources, the University should ordinarily ask the user’s permission before inspecting the user’s files, diskettes, tapes and/or electronic mail. If, however, it is in the best judgment of the Director of Computer Services that: (1) a user(s) is suspected of malicious intent to damage the computer or system; (2) the action of a user(s) threatens other users or the system such that there is imminent danger; (3) the user is not available in a timely fashion; or (4) where notifying the user would impede a sensitive investigation of computer abuse, the Director may take such actions without obtaining permission of the user(s). In that event, the Director should as soon as possible notify the President and/or the Dean of the action, the reasons for taking such action and the identity of the user(s) involved.

Similarly, during the course of an investigation, the Director may find it necessary to restrict private documents. In such event, the Director should as soon as possible notify the President and/or the Dean of the action, the reasons for taking such action as well as the identity of the user(s) involved. Should a user’s documents be restricted during an investigation, the user may appeal the suspension of access or restriction and petition the President for reinstatement of computer privileges through the University’s Hearing Committee as set forth in the Student Handbook.

The sanctions for abuse or violations of any state and/or federal law, this Agreement or any of the University’s policies regarding information systems and/or resources include:

  1. Termination of a program or online session; an irresponsible user at a terminal may be logged off. Similarly, a harmful job running on any system may be canceled;
  2. Revocation or invalidation of a user’s password, login or access to the computer resources;
  3. Violations involving students may be referred directly to the appropriate academic or administrative authorities where penalties may also include restitution, warning, censure, suspension, termination, and expulsion, pursuant to the provisions set forth in the Student Hand Book regarding the University’s Hearing Committee procedures;
  4. Violations by faculty and staff may prompt nonreappointment, discharge and/or dismissal from employment; and/or
  5. Serious incidents may also be referred directly to outside authorities. Unauthorized use of computer facilities may constitute a civil and/or criminal offense, including copyright violations and violations of the Federal Computer Fraud Abuse Act of 1986, which includes sanctions of monetary fines and/imprisonment.

5.0. DISCLAIMER OF AND WAIVER OF LIABILITY

The University makes every effort to ensure the integrity of its computer system. All computer systems available to users offer some form of dataset protection which can be modified by an authorized user as needed. However, none of the systems offer absolute security. Thus, I am aware that I should never place sensitive information on publicly accessible online volumes (disks). The University cannot, under any circumstance, be held liable for the consequences of such actions.

I acknowledge that the University cannot be held liable for any losses, including lost revenues, or for any claims or demands against the user by any other party and I waive such claims. In no event can the University be held liable for consequential damages even if the University has been advised of the possibility of such damages. The University cannot be held responsible for any damages resulting from the loss of confidentiality, output, or data, time delay, system performance, software performance, incorrect advice from a consultant, or any other damages arising from the use of University’s computer facilities.

In the event that the actions or failure to act of any member of the University community results in any claim or legal action against the University, the University reserves the right to seek compensation or take other appropriate action against the individual or to assist the third party in taking such action.

6.0. PERSONAL COMPUTERS

I am aware that if I choose to use a personal computer rather than the University’s computer system, I am nonetheless responsible for adhering to all policy, standards, and procedures for the use of information resources, including implementing security practices necessary to protect the computer and the data stored on the computer.

ACKNOWLEDGMENTS

This Policy was written using the computer systems polices of Columbia University, the University of Delaware, the University of Illinois State, Drexel University, The University of North Carolina at Charlotte, Colgate University, and Virginia Public Education Network Acceptable Use Policy.

  

© 2011 Stevenson University
1525 Greenspring Valley Road, Stevenson, MD 21153 • 1-877-468-6852