1. 目的

   The Ohio university information technology systems (“Ohio systems”) incorporate all electronic communication, information systems and equipment used by the university. This acceptable usage policy (“AUP”) sets forth the standards by which all 用户 may use the shared campus-wide network (“Ohio network”). 术语“用户”在策略91中定义.005年“信息安全”.

   Ohio systems are provided to support the university and its primary objectives towards education, 服务, 和研究. Anything that jeopardizes the security, availability, or integrity is prohibited. 

   通过使用或访问俄亥俄系统, 用户, 同意遵守AUP, 以及所有其他适用的大学政策, 包括所有联邦政府, 状态, 以及当地的法律法规. Only authorized 用户 may access the Ohio systems, as well as any 服务s interconnected with it.

2. 范围

   与俄亥俄系统交互的用户, data, 身份, 以及访问俄亥俄系统的账号, 俄亥俄网络, 任何大学数据.

3. 政策

   1. 用户不得冒充他人, 组织, 或系统, 包括大学名称, 俄亥俄网络名称, 或俄亥俄网络地址空间.

   2. 用户不得尝试拦截, 监控, 打造, alter or disrupt another user’s communications or information. 

   3. Users may not infringe upon the privacy of others’ systems or data.

   4. 用户可能无法阅读, 复制, 改变, or delete another user’s data or communications without the prior express permission of the other user.

   5. 用户不得以下列方式使用Ohio系统:

      • Disrupts; impacts the security posture; or interferes with the legitimate use of any computer; 俄亥俄网络 or any network to which the university connects.
      • Interferes with the functions of any system owned or managed by the university, or,
      • 采取可能产生这种效果的行动. Such conduct includes: hacking or spamming; placing of unlawful information on any computer system; transmitting data; or programs likely to result in the loss of an individual’s work or result in system downtime; or any other use that causes congestion of any networks or interferes with the work of others.

   6. Users may not distribute or send unlawful communications of any kind. This provision applies to any electronic communication distributed or sent within 俄亥俄网络 or to other networks while using 俄亥俄网络.

   7. Users may not attempt to bypass network security mechanisms, 包括俄亥俄电视台的节目, without the prior express permission of the owner of that system. The unauthorized gathering of information regarding systems or 设备 on 俄亥俄网络 (i.e. 网络扫描)也被禁止. 在运行任何类型的网络扫描之前, 并获得授权, 用户 should call the information security office (“ISO”) for more information.

   8. 用户不得从事未经授权的复制, 分发, 修改或翻译受版权保护的材料, 软件, music or other media without the express permission of the copyright holder or as otherwise allowed by law.

   9. Users may not extend or share with public or other 用户 俄亥俄网络 beyond what has been configured accordingly by the office of information technology (“OIT”) and ISO. Users are not permitted to connect or 改变 any network-related infrastructure, 设备, 或者系统(e).g., 开关, 路由器, 无线接入点, vpn, 防火墙, virtual or bare-metal) to 俄亥俄网络 without advance notice and consultation with OIT and ISO.

   10. Users are responsible for maintaining and deploying minimum levels of security controls on any personal computer equipment connecting to 俄亥俄网络, including but not limited to: antivirus 软件 (with frequent updates), 当前系统补丁, and the usage of strong passwords to access these systems as defined in NIST Series Publications.

   11. Users may not use Ohio systems to violate any laws, regulations, or ordinances.

4. 责任

   所有用户都应该:

   1. Behave responsibly and show respect to 俄亥俄网络 and other 用户 at all times.
   2. Respect the integrity and the security of Ohio systems.
   3. Be considerate of the needs of other 用户 by making every reasonable effort not to impede the ability of others to use the Ohio systems and show proper judgement regarding the consumption of shared resources.
   4. 尊重他人的权利和财产, 包括隐私, 保密, 知识产权.
   5. Cooperate with the university to investigate potential unauthorized and/or illegal use of 俄亥俄网络.
   6. Respect the security and integrity of Ohio systems and university data.

5. 执行

   Ohio 用户 must report non-compliance with any part of this policy to the ISO (security@俄亥俄州.edu).

   Users who do not comply with this policy or related university information security standards may be denied access to information technology (“IT”) resources, 同时也会受到纪律处分.

6. 异常

   All exceptions to this policy must be approved by the responsible business owner, 并且要有正式的文件. 政策 exceptions will be reviewed and renewed on a periodic basis by ISO.

   请求一个异常:

   1. Complete Initial exception request form, policy exception template, and risk acceptance form. (http: www.俄亥俄州.edu/oit/security)

7. 治理

   This policy will be reviewed by the ISO and other key stakeholders in the security of university assets and data, 确保持续遵守, as deemed appropriate based on fluctuations in the technology landscape, and/or 改变s to established regulatory requirement mandates.

8. 权威

   91年政策.005“资讯保安”

评论家

Proposed revisions of this policy should be reviewed by:

1. 学术领导

2. 财务副总裁 & 政府的领导

3. 教师参议院

4. 学生参议院

表格、参考资料和历史

1. 形式

   以下表格适用于本保单:

   1. The “Exception Request Form” is available from ISO or online through http://www.OHIO.edu/oit/security
   2. The “政策 Exception Template” is available from ISO or online through http://www.OHIO.edu/oit/security
   3. The “Risk Acceptance Form” is available from ISO or online through http://www.OHIO.edu/oit/security

2. 参考文献

   下列事项与本政策有关:

   1. NIST 800系列出版物
   2. 91年政策.005“资讯保安”

3. 历史

   Draft versions of this policy that were circulated for review, 他们的封面备忘录, their forms and reviewers’ comments on them are available on the 有密码保护的评论网站.