Policy Manual

Contents
Catalog Links
Share

Acceptable Use of Technology Policy

GCSU Acceptable Use of Technology Policy

 

1.   Policy Purpose Statement

An individual's use of computing resources in a university environment is not an absolute, personal right; rather it is a privilege conditional on the individual's compliance with federal and state laws, institutional policy, and generally acceptable use protocols. The Acceptable Use of Technology Policy defines what constitutes acceptable and unacceptable use of Georgia College & State University (GCSU) computing facilities and resources. In using the computing resources of the University, the user agrees to abide by all applicable GCSU and University System of Georgia (USG) policies and procedures, and all applicable local, state, and federal laws. GCSU reserves the right to review and suspend accounts and remove files created on University resources. Per the USG Appropriate Use Policy, individuals are held accountable for any misuse of their assigned network identification, computer system, and network access.

 

2.   Background

The GCSU Acceptable Use of Technology Policy was created to comply with the Georgia Computer System Protection Act and USG Appropriate Use Policy.

 

3.   Scope (Who is Affected)

The GCSU Acceptable Use of Technology Policy applies to all individuals utilizing University technology resources, including but not limited to students, faculty, staff, external contractors, retirees, and visitors.

4.   Exclusions or Exceptions

Individuals may be exempted from this policy only upon written approval of the Chief Information Officer.

 

5.   Policy

5.1         GCSU accounts and technology resources are issued solely in support of the mission of the University. This includes activities considered educational but may not strictly relate to course content. Below is a list of criteria for the acceptable use of computing resources and facilities at GCSU.

5.1.1      No one shall use any University computer or network facility without proper authorization. No one shall assist in, encourage, or conceal from authorities any unauthorized use, or attempt at unauthorized use, of any of the University's computers or network facilities.

5.1.2      No one shall knowingly compromise, or attempt to compromise, the security of any University computer or network facility, nor willfully interfere with others' authorized computer usage.

5.1.3      No one shall use the University's communication facilities to attempt unauthorized use, nor to interfere with others' legitimate use, of any computer or network facility.

5.1.4      No one shall use the University's computing resources to harm the person, property, or reputation of another.

5.1.5      No one shall use the University's computing resources to violate the privacy or personal rights of another.

5.1.6      No one shall connect any computer to any of the University's networks unless it meets generally accepted security standards: https://csrc.nist.gov/publications/sp800. These include but are not limited to an antivirus application and the latest operating system patch level.

5.1.7      All users shall share computing resources following policies set for the computers involved, giving priority to mission-related work and cooperating fully with the other users of the same equipment.

5.1.8      Users are required to store all institutional data only in University-approved secured locations (published in GCSU Technology Policies and Procedures).

5.1.9      No one without specific authorization (see 4. Exclusions or Exceptions) shall use any University computer or network facility for non-University business.

5.1.10   GCSU employees are responsible for maintaining the integrity and compliance of the technology assigned to them.

5.1.11   No one shall give a password for any University computer or network facility to any unauthorized person nor obtain any other person's password by any unauthorized means whatsoever. No one except the designated system administrator in charge of a computer, or the system administrator’s representative, is authorized to issue passwords for that computer.

5.1.12   No one shall misrepresent one’s identity or relationship to the University when obtaining or using University computer or network privileges.

5.1.13   No one without written authorization from the Chief Information Officer shall read, alter, or delete any other person's computer files or electronic mail. This rule applies regardless of whether the operating system of the computer permits these acts.

5.1.14   No one shall download, copy, install, transmit, or use any software or files in violation of applicable copyrights or license agreements, including but not limited to downloading and/or distribution of music, movies, software, or any other electronic media via the Internet.

5.1.15   All users shall abide by all local, state, and federal laws when utilizing University computing resources.

5.1.16   Per the USG Information Technology Handbook, USG Appropriate Use Policy (AUP), it is a violation to: “Transmit, disseminate, sell store or host material on USG resources that is unlawful, libelous, defamatory, obscene, pornographic, indecent, lewd, harassing, threatening, harmful, invasive of privacy rights, abusive inflammatory or otherwise objectionable.”

5.1.17   Official GCSU electronic mail accounts are provided to help employees and students in the performance of their duties or studies.  Employees should not use official GCSU electronic mail accounts for personal use and no one shall use personal electronic mail accounts for official GCSU use.

5.1.18   No one shall use their official GCSU electronic mail account to transmit personally identifiable information or other confidential information to a non-GCSU email account.

5.1.19   GCSU provides many software programs and data obtained under contracts or licenses and distributes them across campus. These resources may not be copied, altered, or distributed without the consent of the Chief Information Officer or their designee.

5.1.20   Per the USG Information Technology Handbook, Physical Security, devices must be configured to "lock" and require a user to re-authenticate if left unattended for more than 20 minutes, with a recommended setting to lock at 10 minutes or less.

5.1.21   Anyone unsure of whether something is allowed is encouraged to contact the GCSU Serve Help Desk for advice on whether a task is a legitimate use of an account. Technology controls permit the logging of activities on University computer systems, and systems are regularly monitored for unauthorized use. Questions regarding proper usage should be addressed through the GCSU Information Technology Help Desk.

 

5.2   The Georgia Computer Systems Protection Act

The Georgia Computer Systems Protection Act was signed into law on July 1, 1991, and establishes certain acts involving computer fraud or abuse as crimes punishable by defined fines, imprisonment, or both. The act specifically defines common computer misuse scenarios such as computer theft, computer trespass, invasion of privacy, forgery, and password disclosure. The Official Code of Georgia Annotated (O.C.G.A.) § 16-9-93, states:

(a)  Computer theft. Any person who uses a computer or computer network with knowledge that such use is without authority and with the intention of:

  1. Taking or appropriating any property of another, whether or not with the intention of depriving the owner of possession;
  2. Obtaining property by any deceitful means or artful practice; or
  3. Converting property to such person's use in violation of an agreement or other known legal obligation to make a specified application or disposition of such property shall be guilty of the crime of computer theft.

(b)  Computer Trespass. Any person who uses a computer or computer network with knowledge that such use is without authority and with the intention of:

  1. Deleting or in any way removing, either temporarily or permanently, any computer program or data from a computer or computer network;
  2. Obstructing, interrupting, or in any way interfering with the use of a computer program or data; or
  3. Altering, damaging, or in any way causing the malfunction of a computer, computer network, or computer program regardless of how long the alteration, damage, or malfunction persists shall be guilty of the crime of computer trespass.

(c)  Computer Invasion of Privacy. Any person who uses a computer or computer network with the intention of examining any employment, medical, salary, credit, or any other financial or personal data relating to any other person with knowledge that such examination is without authority shall be guilty of the crime of computer invasion of privacy.

(d)  Computer Forgery. Any person who creates, alters, or deletes any data contained in any computer or computer network, who, if such person had created, altered, or deleted a tangible document or instrument would have committed forgery under Article 1 of this chapter, shall be guilty of the crime of computer forgery. The absence of tangible writing directly created or altered by the offender shall not be a defense to the crime of computer forgery if a creation, alteration, or deletion of data was involved in lieu of a tangible document or instrument.

(e)  Computer Password Disclosure. Any person who discloses a number, code, password, or other means of access to a computer or computer network knowing that such disclosure is without authority and that results in damages (including the fair market value of any services used and victim expenditure) to the owner of the computer or computer network in excess of $500 shall be guilty of the crime of computer password disclosure.

 

6.   Associated Policies/Regulations

(a)  Georgia Computer System Protection Act (Official Code of Georgia Annotated (O.C.G.A.) § 16-9-93)

(b)  USG Information Technology Handbook, USG Cybersecurity Program

(c)  National Institute of Standards and Technology (NIST) Risk Management Framework SP-800

 

7.   Violations

7.1.   If a GCSU employee or student witnesses any violation of policy, they should report it directly to the Chief Information Officer via CIO@gcsu.edu. If any GCSU employee or student witnesses a non-emergency criminal act, they should notify GCSU Public Safety at (478) 445-4400. In the case of abuse, the rights of the users can be suspended.

7.2.   Individuals using GCSU computing resources are prohibited from using the system to commit a criminal act. This includes, but is not limited to, unauthorized access or attempts to access other systems; the implementation of any virus or malicious program; downloading and/or distributing music, movies, or any other electronic media in which legal copyright is not owned; or any use of the system to plan, commit, or exploit criminal activities.

7.3.   Individuals found to violate this policy may be subject to disciplinary action following the University handbook. Punishments may include fines, suspension, termination, expulsion, and incarceration. Violations of local, state, and/or federal laws will be reported to GCSU Public Safety.

7.4.   GCSU Information Technology reserves the right to disable system and user accounts if the activity is inconsistent with applicable laws and University policy.