Acceptable Use Policies (draft)


SDSC Acceptable Use Policies

Revised: July 05-2007 Emilio Valente

Objectives:

To be effective, information security policies must be a team effort involving the participation and support of every user and employee who deals with SDSC information (data) and information systems. In recognition of the need for teamwork, this AUP statement clarifies the responsibilities of SDSC users and the steps they must take to help protect SDSC information (data) and information systems.

This document describes ways to prevent and respond to a variety of threats to information (data) and information systems including unauthorized access, disclosure, duplication, modification, appropriation, destruction, loss, misuse, and denial of use.

Scope:

This policy applies to SDSC users: employees, contractors, consultants, temporaries, including all personnel affiliated with third parties and students of Educational Institutions. In addition, this policy applies to all computer and network systems owned by or administered by SDSC personnel and applies to all operating systems, computer sizes, and application systems.

Policy:

All SDSC users are bound by the University of California Electronic Communications Policy http://www.ucop.edu/ucophome/policies/ec/html/ and UCSD POLICY AND PROCEDURE MANUAL SECTION: 135-3, http://adminrecords.ucsd.edu/ppm/updates/135-3.PDF .

SDSC user agrees to behave in an ethical manner and will be responsible for his or her own actions. Under California State Law any person who maliciously accesses, alters, deletes, damages or destroys any computer system, network, computer program or data is guilty of a felony.

SDSC user understands that the SDSC network is a shared resource and will not intentionally take actions which will interfere with the operation, integrity or security of the SDSC network.

SDSC user understands that network traffic and files may be subject to search under court order. In addition, SDSC Security Group Personnel may monitor network traffic or access user files as required to protect the integrity of the computer network.

SDSC user understands that access to the network may be temporarily suspended during maintenance and that SDSC personnel will not be liable for damages due to a failure of some network services or due to a breach of security.

SDSC user should understand that misuse of networking resources may result in the loss of privileges. Additionally, misuse can be prosecuted under applicable statutes. The SDSC user may be held accountable for his/her conduct under any applicable SDSC, UCSD or campus policies, procedures, or collective bargaining agreements. Complaints alleging misuse of SDSC network resources will be directed to those responsible for taking appropriate disciplinary action.

Access to SDSC facilities is a privilege conditioned upon your compliance with the current Acceptable Use Policies. Please recognize that maintaining a productive computing environment is a cooperative venture; successful delivery of quality services depends on individual users acting responsibly.

SDSC users are liable for any and all activities on their accounts. All relevant federal and state laws, as well as SDSC and UCSD and campus regulations and policies apply.

Examples of misuse include, but are not limited to, the activities in the following list.

- Violation of applicable federal or state laws and campus regulations, including but not limited to the transmission of threats, harassment, defamation, obscenity, and pornography; theft of or unauthorized access or use of SDSC resources.

- Copyright infringement. Be aware that reproduction or distribution of copyrighted works, including, but not limited to, images, text, or software, without permission of the owner is an infringement of U.S. Copyright Law and is subject to civil damages and/or criminal penalties including fines and imprisonment. This includes activities such as making software available for copying on your computer and connecting that computer to the SDSC networks (whether via dial-in or the on-campus networks).

- Giving other people access to your computer account without SDSC personnel authorization.

ACCOUNT SHARING IS A SERIOUS POLICY VIOLATION. SDSC USERS SHOULD NOT GIVE OR ALLOW ACCESS TO THEIR ACCOUNTS TO ANYONE, INCLUDING TRUSTED FRIENDS, CLASSMATES OR RELATIVES. Indications of account sharing are generally indistinguishable from the symptoms of account piracy. Sharing therefore creates an emergency situation for SDSC Security Group Personnel and system administrators and results in a major waste of staff time.

- Engaging in activities which compromise SDSC computer security, SDSC networks or disrupt SDSC services, at any site. Using resources or accounts without authorization. Capturing passwords. Collecting or using tools designed to check for computer system or network security vulnerabilities without prior written approval from SDSC Security Group Manager.

- Altering SDSC system software or hardware configurations or circumventing resource control mechanisms.

- Knowingly running or installing on any SDSC computer system or networks, or giving to another user, a program intended to damage or to place excessive load on an SDSC computer system or networks. This includes but is not limited to programs known as computer viruses, Trojan horses, and worms.

- Using SDSC facilities for commercial purposes or personal financial gain (except where permitted by academic policy). This includes setting up a commercial Web site on your personal computer which is made accessible to the world via a connection to SDSC networks.

- Sending electronic junk mail or chain letters.

- Posting material to electronic bulletin boards, news groups, or mail lists which is illegal, or otherwise at variance with applicable codes or rules for network access and use (e.g. Usenet rules published in news.announce.newusers).

- Engaging in activities which result in an excessive and avoidable level of complaints to UCSD or SDSC Personnel. For example, publishing controversial material without identifying the individual or organization responsible for the publication and without providing a clear means for direct feedback and handling of complaints by the publisher.

- Wasting resources; leaving non-essential processes running when you are not logged in.

- Tying up special equipment unnecessarily and thereby preventing others from doing their work. Filling up public areas of disk with large files. Running simultaneous compute-intensive jobs.

- Using SDSC accounts for unauthorized purposes. SDSC Management reserves the right to adjust account resource allocations to avoid over-use of SDSC systems for sponsored research computing.

Enforcement:

Violations of SDSC Acceptable Use Policies may result in the disabling of an account and loss of computing privileges. Additionally, violations may subject the account holder to disciplinary action under SDSC and/or UCSD regulations, and criminal prosecution under applicable statutes. SDSC Security Group Manager reserves the right to disable accounts without notice to halt or prevent suspected violations of computing policies. If you are unsure about the permissibility of any behavior or use, send mail to security@sdsc.edu to request clarification.

In compliance with the UC Electronic Communications Policy, issued November 17, 2000 (http://www.ucop.edu/ucophome/policies/ec/), SDSC IT Group Personnel makes every effort to provide reliable services, and respects the privacy of electronic communications. As a practical matter, in order to provide technical assistance with electronic communications services such as electronic mail, SDSC IT Group Manager treats requests for assistance as implied consent to inspect electronic communication records. Such requests may be made directly to SDSC IT Manager or indirectly via communications with another SDSC office. In any event, inspection is limited to the least perusal necessary to render the requested assistance.


SDSC AU policy statements are updated as needed to address new situations. All users are responsible for knowing current policy, which can be reviewed on-line at URL: http://security.sdsc.edu.


Produced by San Diego Supercomputer Center staff at the University of California, San Diego Main Offices: 9500 Gilman Drive, 92093, San Diego, CA