University of Illinois Logo University of Illinois Urbana-Champaign University of Illinois Chicago University of Illinois Springfield
Home Search Help
N E S S I E   Home >


Contacts
HR Forms
Human Resources
  Urbana
  Chicago
  Springfield
  UA ER/HR
EEO


UA Acceptable Use of Computing and Network Resources Policy -
Frequently Asked Questions

If you have additional questions that may assist others in the understanding of this policy, please submit them to University Human Resources at uihr@uillinois.edu.

Aren't I already subject to an Acceptable Use of Computing and Network Resources Policy?
Why was this policy developed for UA?
To whom does this policy apply?
What happens if I do not comply?
Section 1 of the Policy places restrictions on the use of University computing resources. Please explain these restrictions.
Section 1 of the Policy indicates that information contained on University computing resources is presumed to be public information. What about the goal of protecting confidential information?
Can I access the University network from a non-University site?
Can I use personal equipment to access the University network?
When accessing the University network remotely with personal equipment, what actions must be taken to ensure the security of the equipment and data?
Can my family use the University owned equipment?
Is the IT department permitted to examine the contents of files?
Can I install software on my home or office University computer?
The policy restricts the storage of confidential and high-risk information. What do these terms mean?
What do I do if I think someone else knows my password and I KNOW I haven't given it out?
What do I do if I think or know someone has violated something listed in the Unacceptable Use section?
If I report a possible security breach, can I remain anonymous?
Who can I contact with questions about this policy?


Aren't I already subject to an Acceptable Use of Computing and Network Resources Policy?

The "Information Security Policy - The University of Illinois" which is published as Section 19.5 of Business and Financial Policies and Procedures provides overall guidance on the use of University of Illinois Information assets. This important statement of policy, intended to be flexible enough to serve all users and all campus locations, sets out foundational requirements for appropriate management of information. Using this as a baseline, individual campuses and certain other departments have established policies which address their unique requirements and which complement and supplement the University-wide Information Security Policy.

Why was this policy developed for UA?

There are two principal reasons for establishing a policy to guide University Administration employees in the conduct of their responsibility to protect the University's Information Assets:

  1. University Administration employees are often in possession of vast amounts of highly confidential information. The University is obligated to protect that information on behalf of many different stakeholders. Our students, their parents, alumni, other members of the faculty and staff, as well as many others count on the University to establish policies and practices that ensure the safety of this information. University Administration employees, because of their broad and frequent access to this data, are responsible for protecting this information.
  2. University Administration employees are located in each of the campus environments. Each campus has its own Acceptable Use Policies that guide employees, including University Administration employees, in the access, use and handling of Information assets. However, the campus policies are unique and requirements and guidelines vary from campus to campus. Consequently, two employees assigned to the same University Administration unit, but located on separate campuses, may have different policy guidance regarding the protection of Information assets. An important goal in establishing a University Administration Acceptable Use Policy was to provide consistent guidance for University Administration employees across all campuses.

To whom does this policy apply?

This policy applies to all employees, contractors, consultants, temporaries, and other individuals assigned to University Administration (UA).

What happens if I do not comply?

UA users who violate this policy may be denied access to University computing and network resources and may be subject to other penalties and disciplinary action, both within and outside of the University. Violations will normally be handled through the University disciplinary procedures applicable to the relevant user. However, the University may temporarily suspend or block access to an account, prior to the initiation or completion of such procedures, when it reasonably appears necessary to do so in order to protect the integrity, security, or functionality of University or other computing resources or to protect the University from liability. The University may also refer suspected violations of applicable law to appropriate law enforcement agencies.

Section 1 of the Policy places restrictions on the use of University computing resources. Please explain these restrictions.

University computing resources are provided to support the administrative objectives of the University. These resources are intended for the sole use of University staff to accomplish tasks assigned to that individual at the University, and consistent with the University's mission.

There are several key points in this section. First, that the campus Information Technology (IT) resources are not available for use by family members and friends. A second point is that University computing resources are made available to members of University Administration for the purpose of performing their assigned responsibilities here at the university. Also, consistent with these restrictions, the confidentiality of a user's personal information can not be guaranteed.

Section 1 of the Policy indicates that information contained on University computing resources is presumed to be public information. What about the goal of protecting confidential information?

Confidential and High-Risk information (as defined by the Information Security Policy - University of Illinois) must be handled securely and in accordance with all University Policies and Practices that govern the handling of this type of information. It is never to be released or disclosed publicly. The language in this Section is intended to caution an employee from storing their personal information which is presumed to be public information and which may become subject to examination by University support personnel.

Can I access the University network from a non-University site?

Yes; as long as access is authorized, used for University business, and conducted via secure network connections. To obtain authorization for remote computing, please complete the Remote Computing Access Form (PDF Format | MS Word Format).

Can I use personal equipment to access the University network?

Yes; as long as it is authorized, used for University business, and conducted via secure network connections. To obtain authorization for remote computing, please complete the Remote Computing Access Form (PDF Format | MS Word Format). Personal equipment must meet the same security protection standards as University provided equipment. In addition, remote computing equipment must be protected by approved firewall software.

When accessing the University network remotely with personal equipment, what actions must be taken to ensure the security of the equipment and data?

Please visit the following campus sites for security information and assistance:
Urbana: CITES - Working From Home | CITES - Before You Connect
Chicago: ACCC - How to Secure Your PC | ACCC - Symantec AntiVirus Software at UIC

After your equipment is properly secured, you will then be required to complete the Remote Computing Access Form (PDF Format | MS Word Format) before remote computing authorization will be granted.

Can my family use University owned equipment?

No. Employees' family members and friends are not permitted to use University assigned equipment.

Is the IT department permitted to examine the contents of files?

The IT departments keep BANNER, the Enterprise Data Warehouse, HRIS and BIS applications, other AITS applications, the mail systems, file servers, and computer networks running. The IT staff personnel are also responsible for responding to alerts from various status monitoring tools and security devices installed within the network. In the normal course of business, these employees may be exposed to data and network traffic that is present in the computing environment. However, IT personnel are restricted from examining the content of files and/or network transmissions, except when authorized to do so by designated officials in response to a specific issue. For example, there may be situations in which files, data, and transmissions are examined in response to a court order or a discovery action associated with a matter in litigation.

Can I install software on my home or office University computer?

Many University Administration employees are permitted to install software in order to complete their assigned duties. For example, computer programmers are often required to install additional software on the computers assigned for their use. If it is the practice of your department to grant local administrative privileges to the individual who uses a computer, software can be installed and/or changed and updated as required. All software must be acquired in a manner that respects copyright laws and regulations, as well as licensing and right-to-use privileges. Software installed on the University computers should not result in a violation of any provisions of this policy or other administrative unit practices. An example is peer-to-peer clients, which would promote file exchanges and result in an unacceptable systems activity.

The policy restricts the storage of confidential and high-risk information. What do these terms mean?

Data protected by federal or state privacy regulations or data that is designated as high risk or confidential by the Information Security Policy, must be protected. Student information, financial information, Social Security Numbers and other personal identifying information are particularly important to protect. The "Information Security Policy - The University of Illinois" which is published as Section 19.5 of Business and Financial Policies and Procedures provides guidance on the classification of Information and assigns the responsibility for designating these classifications.

What do I do if I think someone else knows my password and I KNOW I haven't given it out?

Promptly follow the Procedures for Reporting Security Breach Incidents.

What do I do if I think or know someone has violated something listed in the Unacceptable Use section?

Promptly follow the Procedures for Reporting Security Breach Incidents.

If I report a possible security breach, can I remain anonymous?

Precautions will be taken to protect your anonymity whenever possible.

Who can I contact with questions about this policy?

Questions about the policy, including applicability and implementation should be directed to University Human Resources at uihr@uillinois.edu.

For answers to technical questions, including hardware and software requirements, please contact the appropriate AITS Service Desk: Urbana/Springfield 217-333-3102, Chicago 312-996-4806, or email servicedeskaits@uillinois.edu. Please note that AITS may not be able to assist you with problems pertaining to non-University equipment.

For questions regarding connections to the University Network, the department network administrator will provide assistance.

 


Maintained by University Human Resources | Contact Information | Last Update: 08-December-2009 | ID: 3934