18新利网址登录|新利18如何提
Skip to content Skip to search Skip to footer Office of Information Security Open Menu Back Close Menu Search for: Search Close Search ServicesServices Benchmark and Hardening Encryption Cisco Umbrella Data Classification Vulnerability Assessment Web Scans Workspace ONE (formerly Airwatch) Alerts NewsNews Events Cybersecurity Awareness MonthCybersecurity Awareness Month Workplace Security Policies Forms GuidanceGuidance QR Code Safety Phish Alert Button (PAB) Email Safety Remote Work Travel Information Security Strategies for iOS/iPadOS Devices Information Security Strategies for macOS Devices Information Security Strategies for Android Devices Information Security Strategies for Windows 10 Devices ResearchResearch Confidentiality, Integrity, and Availability: The CIA Triad Information Security Glossary Guiding Information Security Questions for Researchers Research Data Security Controlled Unclassified Information (CUI) in Sponsored Research WashU IT About UsAbout Us Contact Us Information Security FAQ Open Search Computer Use Policy Print this page ObjectivesThis policy and associated guidance provide direction for appropriate use of computer systems, networks, and information at WashU. ApplicabilityThis policy is applicable to systems connected to any WashU network segment. AudienceThe audience for this policy is all WashU faculty, staff, and students. It also applies for all other agents of the university with access to WashU information and networks for contracted services. This includes, but not limited to partners, affiliates, contractors, temporary employees, trainees, guests, and volunteers. The titles will be referred collectively hereafter as “WashU community”. Roles & Responsibilities PolicyThis policy seeks to protect the confidentiality, integrity, and availability of the WashU information systems themselves: the computing or networking resources need to be accessible and secure for appropriate use consistent with the mission of WashU; the usurpation of these resources for personal gain, commercial gain, or without authorization is unacceptable. To manage systems and networks at WashU, comply with regulatory requirements, and enforce the various Information Security Policies, WashU may log, review, retain, prohibit, or in any manner utilize any data or information stored or transmitted via WashU assets. Relationship to WashU PoliciesAll WashU policies listed below applies to information technology as well as to other forms of communication and activity. In addition, these policies are fully recognized by the WashU Computer Use Policy. All users are responsible for being aware of and complying with regulations and Information Security Policies. Use of WashU systems or networks that violates any of these policies will be investigated and sanctions may be applied, including termination. Code of Conduct Intellectual Property Policy Freedom of expression / Freedom from HarassmentSocial Media Policy WashU students will reference the Student Technology Services Network Use Policy. When in a faculty or staff position, students are expected to adhere to department and/or school policies for network use. Use of WashU ResourcesWashU resources are shared resources available to further educational, research, medical, service, and university-related activities and missions. The WashU community should abide by federal, state, and city laws, regulations, and university policy. WashU does not monitor the content of web pages or other online communications and is not responsible for the views expressed by individual users. The personal use of WashU systems and networks should be limited in nature, scope, and appropriateness. While the privileges and responsibilities vary between departments and schools, the use of university resources for personal commercial gain or for partisan political purposes (not including the expression of personal political views, debate, and the like) is inappropriate and possibly illegal. Individual university computer systems and departments have varying access requirements and resources. Departments or schools may implement additional computer use guidelines as necessary. Copies of such additional computer user guidelines must be provided to the Chief Information Security Officer (CISO). PrivacyAlthough respect for privacy is fundamental to the university’s policies, understand that almost any information can in principle be read or copied; that some user information is maintained in system logs as part of computer system maintenance; that the university must reserve the right to examine computer files, and that, in rare circumstances, the university may be compelled by law or policy to examine even personal and confidential information stored, transmitted or accessed on university computing facilities. Access to WashU Secure SystemsWashU provides access to internal and external system resources. Use of these resources may be governed by various state and/or federal regulatory requirements. All authorized users with access to protected information and systems are expected to be aware of and comply with the regulatory requirements that govern the use of the data as well as the resource. Guidance along with the specific regulatory requirements is provided at WashU through the University’s Area Specific Compliance Offices. WashU community members should be aware of the university’s computer and data classification guidelines prior to utilizing external or personal computing resources through the WashU system. These guidelines are available on the CIO.wustl.edu and informationsecurity.wustl.edu websites. AuthenticationWashU community members are responsible for protecting their account credentials (user IDs and passwords). Users should not share credentials used for authentication and access to WashU systems and networks verbally or in electronic or written communications. Unique credentials are required for access WashU systems and networks. Inappropriate access of WashU resources may significantly impact education, research, and patient care and other university activities. Personal devicesAll devices used to access WashU data or networks must conform to all WashU policies and device protections based upon data classification accessed, stored, or transferred from the device. It is the responsibility of the device owner to secure the system or data. Users may contact the department or school help desk to ensure their personal devices conform. Misuse of resourcesWashU community members are responsible for all activity involving their WashU accounts and are granted privileges and responsibilities with these accounts. These privileges are not to be used to violate any university policy, or city, state, or federal laws or regulations. Access may be revoked in cases of misuse or threat to WashU systems and networks. WashU community members are not to use the WashU systems or networks to cause harm or perform illegal activities including, but not limited to the following: Cause harm to individuals, university data, university network Disable systems, programs, or software Email spam or harassment Modify or destroy data integrity Copyright infringement Malicious computer activity Circumventing WashU policies to compromise the security of an account, system, devices, network, or WashU partner will not be tolerated. WashU Rights Access WashU, through the appropriate systems administrator or management request, may deactivate a user’s privileges when deemed reasonably necessary to enhance or preserve the confidentiality, integrity, or availability of the WashU systems or networks. Monitoring WashU does not monitor individual system or network usage. Daily system processing and maintenance will log and backup the data. The individual right to privacy may, when personal files may need to be accessed for troubleshooting purposes or to investigate a reported incident, be overridden by authorized personnel to protect the integrity of the university’s computer systems. Security WashU reserves the right to enforce security controls to preserve the confidentiality, integrity, or availability of the WashU systems or networks. These controls may affect the storage, transmission, and access of confidential and protected information in accordance with WashU policies, regulations, state, and federal laws or regulations. WashU reserves the right to restrict access to internal or external resources based upon risk to the university systems or networks. Reporting WashU community members are responsible for reporting concerns or possible violations of this policy. Email [email protected] to report concerns or possible violations. Concerns or violations can also be reported anonymously on the university’s hotline at (314) 362-4998. Investigation Violations of this policy may lead to an investigation involving but not limited to designated representatives for WashU community, Human Resources, General Counsel, Information Security, Internal Audit, the HIPAA Privacy Office, or other Area Specific Compliance Office. Sanctions Violations of this policy may lead to disciplinary action up to and including termination under either the Human Resources corrective action process or the HIPAA Sanction policy. For questions about this policy, contact your department, school, or unit system manager or email the Chief Information Security Officer. Policy ComplianceThe Office of Information Security (OIS) will measure the compliance to this policy through various methods, including, but not limited to – reports, internal/external audits, and feedback to the policy owner. Exceptions to the policy must be approved by the OIS in advance. Non-compliance will be addressed with management, Area Specific Compliance Office, Human Resources, or the Office of Student Conduct. Related PoliciesNone ReferenceNone Policy ReviewThis policy will be reviewed at a minimum every three years. Title: Computer Use PolicyVersion Number: 4.1Reference Number: PL-01.01Creation Date: May 31, 1997Approved By: Security and Privacy Governance CommitteeApproval Date: October 10, 2016Status: FinalScheduled Review Date: March 1, 2022Revision Date: November 5, 2021Revision Approval Date: March 15, 2019Policy Owner: Office of Information Security Office of Information Security Mailing Address: Campus Box 8218 | 660 S. Euclid Ave. | St. Louis, MO 63110 Phone: 314-747-2955 Email: [email protected] ©2024 Washington University in St. Louis
