Explainer: Acceptable Use Rule (4-004A)
The University of Utah’s Acceptable Use Rule (4-004A) supports Information Security Policy (4-004), which we covered last month. As we wrote then, the U’s IT security policy, rules, and guidelines aim to protect the university’s IT resources, systems, and data, including that of students, faculty, staff, guests, patients, vendors, and more.
What does it say?
Rule 4-004A outlines the role and responsibilities of the university and its users in relation to the university’s IT resources (devices), information systems (applications or servers), and electronic resources (e.g., internet, email, and social media) and how the U protects them. Essentially, the rule defines acceptable, unacceptable, and legitimate uses of the university’s technology.
Some items covered in the rule:
- Authorized use (e.g., authorized and unauthorized users, personal use, email use, social media use, and cloud services use)
- Responsible use (e.g., ethics, fraud, illegal behavior, solicitation, and overuse)
- Internet use (e.g., risks and personal use)
- Privacy expectations (e.g., monitoring, personal info, passwords, and authentication)
Why should I care?
If you learn, work, research, or do business with the university, you use the U’s IT systems and resources — from the Campus Information Services (CIS) portal to Wi-Fi networks. That means you have a responsibility to follow university IT security guidelines to protect those systems and resources, as well as any confidential data that flows through them, from data breaches and other IT security incidents.
The university also is responsible for protecting your privacy and confidential data.
IT security incidents are costly, both financially and personally. They can lead to identity theft, damaged reputation, fines and/or penalties, operational disruption, compromised devices, lost time, downtime, data loss or manipulation, and service interruptions. The University of Utah and its community members are especially at risk of cybercrime because the U is a public higher education institution, research institution, and health care organization, all of which handle large amounts of confidential data.
Who does it apply to?
All users — faculty, staff, students, affiliates, guests, and patients. Anyone who accesses a university IT system or resource, including contractors, vendors, and outside researchers.
Up next month in the September Node 4 newsletter — Rule 4-004B: Information Security Risk Management