Limited access -- or "Guest Access" -- includes web browsing only and has a time limit of one hour. Guest users may remain on-line longer than one hour, but they will have to log in again by clicking the Guest Access button that appears in the browser window when the session has timed out

1.0 Introduction

The University's intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to the University of Texas at El Paso's (UTEP, also referred to as “the University”) established culture of openness, trust and integrity. The University is committed to protecting its employees, students, partners and the institution from illegal or damaging actions by individuals, either knowingly or unknowingly.

Internet/intranet/extranet-related systems, including but not limited to computer, devices using University resources, equipment, software, operating systems, storage media, and network accounts providing electronic mail (e-mail), web browsing, and FTP are the property of the University. These systems are to be used for business purposes in serving the interests of the University, and of our clients and customers in the course of normal operations.

Effective security is a team effort involving the participation and support of every University employee and affiliate who deals with information or information systems. It is the responsibility of every computer user to know these guidelines, and to conduct his activities accordingly.

2.0 Purpose

Under the provisions of the Information Resources Management Act, Information Resources are strategic assets of the State of Texas that must be managed as valuable state resources. Thus this policy is established to achieve the following:

• Ensure compliance with applicable statutes, regulations, and mandates regarding the management of information resources.
• Establish prudent and acceptable practices regarding the use of information resources.
• Educate individuals who may use Information Resources with respect to their responsibilities associated with such use.

3.0 Scope

This policy applies to all individuals granted access privileges to any University Information Resources regardless of affiliation. This policy applies to all equipment that is owned or leased by the University.

4.0 General Use and Ownership

While UTEP's network administration desires to provide a reasonable level of privacy, users should be aware that the data they create on University systems remains the property of the University. Because of the need to protect UTEP's network, management cannot guarantee the confidentiality of information stored on any network device belonging to the University. Electronic files created, sent, received, or stored on Information Resources owned, leased, administered, or otherwise under the custody and control of the University are not private and may be accessed by UTEP Information Security Office (ISO) employees at any time without the knowledge of the Information Resources user or owner.

Electronic file content may be accessed by appropriate personnel in accordance with the provisions and safeguards provided in the Texas Administrative Code S202, Information Security Standards.

Employees are responsible for exercising good judgment regarding the reasonableness of personal use. If there is any uncertainty, the employee should consult his/her supervisor or manager.

The ISO recommends that any information that users consider sensitive or vulnerable be encrypted. For guidelines on encrypting e-mail and documents, see the Acceptable Encryption Policy.

For security and network maintenance purposes, authorized individuals within the University may monitor equipment, systems and network traffic at any time, per the Audit Policy.

UTEP reserves the right to audit all networks and systems on a periodic basis to ensure compliance with this policy.

UTEP encourages everyone associated with the University to act in a manner that is fair, mature, respectful of the rights of others, and consistent with the educational purposes of the University.

By their use of the UTEP network, users acknowledge that the Internet contains access to pornographic and other material that may be offensive to others and unsuitable for minors. The University ordinarily does not filter, censor, edit, or regulate the flow of data, software, graphic images, or other materials on the Internet to or from any of its account holders. The Internet may from time to time contain hostile programs, viruses, worms, Trojan horses and other files that may affect or destroy the operation of or information on the computer.

The University is not responsible for the content, accuracy or reliability of information accessed from the Internet. Users are encouraged to verify the authenticity and accuracy of materials sent via the Internet, and to use good judgment when deciding whether to download or open materials from people they do not know and organizations they did not contact.

The University of Texas at El Paso will not be liable for missing or misdirected e-mail. UTEP is not responsible for the loss of files or materials due to deletion, error or malfunction, and users are advised to maintain backup copies of their materials at all times.

Users agree to comply with this policy, Information Security Policies, other University rules governing acceptable use of information technology, and any applicable state and federal regulations. The terms and conditions of these policies, rules, procedures, and agreements are subject to change without prior notice. Notice of such changes may be given by posting on the Internet, by e-mail, or other means.

Users must report any weaknesses in The University of Texas at El Paso computer security and any incidents of possible misuse or violation of this agreement to the proper authorities by contacting the Helpdesk.

Users must not attempt to access any data or programs contained on The University of Texas at El Paso systems for which they do not have authorization or explicit consent.

Users must not divulge Dialup or Dial back modem telephone numbers to anyone.

Users must not share their University of Texas at El Paso account(s), passwords, Personal Identification Numbers (PIN), security tokens (i.e. Smartcard), or similar information or devices used for identification and authorization purposes.

Users must not make or distribute unauthorized copies of copyrighted software.

Users must not purposely engage in activity that may: harass, threaten or abuse others; degrade the performance of Information Resources; deprive an authorized University of Texas at El Paso user access to a University of Texas at El Paso resource; obtain extra resources beyond those allocated or circumvent The University of Texas at El Paso computer security measures.

Users must not download, install or run security programs or utilities that reveal or exploit weaknesses in the security of a system. For example, The University of Texas at El Paso users must not run password cracking programs, packet sniffers, or port scanners or any other non-approved programs on the University of Texas at El Paso Information Resources. The ISO and selected network managerial personnel of IT are exempted from this rule.

The University of Texas at El Paso Information Resources must not be used for personal benefit.

Access to the Internet from a University of Texas at El Paso-owned, home-based computer must adhere to all policies that apply to use from within the University of Texas at El Paso facilities. Employees must not allow family members or other non-employees to access the University of Texas at El Paso computer systems.

Users using University resources or connecting to University resources with a personal or non-UTEP owned system will be held responsible to adhere to all University policies and procedures.

Users must not engage in acts against the aims and purposes of the University as specified in its governing documents or in rules, regulations or procedures adopted from time to time.

Users agree to follow normal standards of ethics and polite conduct in their use of shared computing/networking resources.

Users should follow the same standards of conduct when interacting on the network as when interacting in person.

Laws and rules against fraud, harassment, obscenity, and the like apply to electronic communications just as they apply to other media. Inappropriate distribution of copyrighted materials such as computer software, movies, and music (CDs, tapes, records, etc.) is a violation of federal law and University rules. If you violate these laws, or allow access to others who violate them, your network access may be terminated and you may be subject to civil or criminal penalties or disciplinary action by the University for employees and students, including termination of employment, suspension and/or expulsion.  

Users agree that they are solely responsible for making sure that any information they access, upload, or transmit (including information obtained through any hyperlink) complies with applicable law.

The network connection supplied by the University for Miner Village residents is for individual use and may not be shared among multiple users. Individuals are responsible for all charges and for all destructive or illegal activity done by anyone to whom they allow access.

Student violators of University rules and policies may be referred to the Dean of Students for disciplinary action. The Dean of Students will be notified of violations of University rules and policies, and will take appropriate disciplinary action.

The University, using generally accepted standards of best network administration practices and procedures, has the right to determine what activities disrupt the network. The University further reserves the right to terminate the connection of any host using an unusually high portion of bandwidth if that program unreasonably inhibits the fair use of network resources by other University users or members of the UTEP community.

Users agree that failure of the University to respond to a violation immediately does not prevent it from taking corrective action at a later time.

Users agree NOT to:

• Use network access for solicitations, commercial purposes, or any business activities for individuals, groups, or organizations.
• Modify or tamper with network services, wiring, and ports in any room without explicit written permission. This includes extending the network beyond the single network outlet (using a wireless hub for example, Remote Access Servers, tunneling NETBIOS, or Proxies).
• Establish servers for anything other than academic purposes (or provide other activities that consume a disproportionate share of bandwidth. Examples of servers that would be prohibited include MP3, DVD, and Game servers.
• Register an outside domain host name that refers to an IP address within the utep.edu domain.
• Scan for computers on any network using port scanners or network probing software.
• Use defective or malfunctioning equipment on the network. Violation of this agreement will result in the offending port(s) being disabled without prior notification.
• Use any connection to engage in any unlawful purpose or transmit material that violates applicable local, state or federal laws or University rules.

5.0 Unacceptable Use

The following activities are, in general, prohibited:

Under no circumstances is an employee of the University authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing UTEP-owned resources.

Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by the University.

Unauthorized copying or sharing of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, copyrighted movies, copyrighted television shows, and the installation of any copyrighted software for which the University or the user does not have an active license.

Exporting software, technical information, encryption software or technologies, in violation of international or federal export control laws. Appropriate management should be consulted prior to export of any material that is in question.

Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).

Revealing an account password to others or allowing the use of an authorized University account by others. This includes family and other household members when work is being performed at home.

Using a UTEP computer to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws in the user's local jurisdiction.

Making fraudulent offers of products, items, or services originating from any UTEP Information Resources.

Making statements about warranty, expressed or implied, unless it is a part of normal job duties.

Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless these duties are within the scope of regular duties. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, ping floods, packet spoofing, denial of service attacks, and forged routing information for malicious purposes.

Executing any form of network monitoring that will intercept data not intended for the employee's host, unless this activity is a part of the employee's normal job duty.

Circumventing user authentication or security of any host, network or account.

Interfering with, or denying service to any user other than the employee's host (for example, denial of service attack).

Using any program/script/command/etc., or sending messages of any kind, with the intent to interfere with, or disable, the University’s Information Resources, via any means, locally or via the Internet.

Providing information about, or lists of, University employees to parties outside the University.

Sending unsolicited e-mail messages, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material (e-mail spam).

Any form of harassment via e-mail, telephone, or paging, whether through language, frequency, or size of messages.

Unauthorized use, or forging, of e-mail header information.

Solicitation of e-mail for any other e-mail address, other than that of the poster's account, with the intent to harass or to collect replies.

Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type.

Use of unsolicited e-mail originating from within the University's networks or other Internet Service Providers (ISP) on behalf of, or to advertise, any service hosted by the University or connected via the University's network.

Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam).

Sending broadcast messages through means that are not approved.

6.0 Incidental Use

As a convenience to The University of Texas at El Paso user community, incidental use of Information Resources is permitted. The following restrictions apply:

• Incidental personal use of electronic mail, Internet access, fax machines, printers, copiers, etc., is restricted to The University of Texas at El Paso approved users; it does not extend to family members or acquaintances.
• Incidental use must not result in direct cost to The University of Texas at El Paso.
• Incidental use must not interfere with the normal performance of an employee's work duties.
• No files or documents may be sent or received that may cause legal action against, or embarrassment to, The University of Texas at El Paso.
• Storage of personal e-mail messages, voice messages, files and documents within The University of Texas at El Paso's computer systems must be minimal.
• All messages, files and documents located on The University of Texas at El Paso Information Resources are owned by The University of Texas at El Paso. They may be subject to open records requests and may be accessed in accordance with this policy.

 7.0 E-Mail

The University of Texas at El Paso provides electronic mail (e-mail) accounts to all faculty, staff, students, and non-university personnel who are affiliated with the University and are assisting the University in meeting its mission. Official business of the University will be conducted using University-furnished e-mail addresses, in the format user@utep.edu for employees and user@miners.utep.edu for students. For this reason, all users are strongly urged to obtain an official UTEP e-mail address.

All e-mail use is subject to the general policies governing use of University Information Resources. In addition, the following uses or activities are expressly prohibited:

Transmission, display, printing or storage of any material prohibited by law or University regulations.

Unauthorized transmission, display, printing or storage of legally restricted or confidential material.

Transmission, display, printing or storage of material that is obscene, libelous, or physically threatening.

Transmission, display, printing or storage of material which advertises, promotes or otherwise solicits on behalf of any non-university business, corporation, organization, enterprise or activity or which contributes to the conduct of business by such entities. This includes the conduct of private consulting services by faculty or staff employees of the University.

Transmission, display, printing, or storage of any material through the fraudulent use of another person's password. Any use of another person's password for any purpose is prohibited.

Transmission, display, printing or storage of chain letters, and other forms of mass mailings or any use that may disrupt or delay the timely and orderly provision of e-mail services at the University. Only upon approval of the President or a Vice President of the University may a general broadcast message (e-mail bulletin) be placed in the e-mail system.

Sending e-mail that is intimidating or harassing.

Using e-mail for conducting personal business.

Using e-mail for purposes of political lobbying or campaigning.

Violating copyright laws by inappropriately distributing protected works.

Posing as anyone other than oneself when sending e-mail, except when authorized to send messages for another when serving in an administrative support role.

The following activities are prohibited because they impede the functioning of network communications and the efficient operations of electronic mail systems:

Sending or forwarding chain letters.

Sending unsolicited messages to large groups except as required to conduct agency business.

Sending excessively large messages.

Sending or forwarding e-mail that is likely to contain computer viruses.

All sensitive UTEP material transmitted over external network must be encrypted.

All user activity on UTEP Information Resource assets are subject to logging and review.

Quotas have been established for all users:

Faculty and Staff: 1GB. If amount exceeds 1GB, a warning message is issued. At 950MB, sending of e-mail is stopped. At 975MB, both sending and receiving are prevented. (Limits current as of September 16, 2008)

The content, maintenance, and disposition or retention of e-mail messages is the responsibility of the person to whom the e-mail account or address is assigned. E-mail that conducts official business must be maintained for future reference in accordance with the University's records retention policies, which reflect the requirements of state law

Electronic mail users must not give the impression that they are representing, giving opinions, or otherwise making statements on behalf of the University or any unit of the University unless appropriately authorized (explicitly or implicitly) to do so. Where appropriate, an explicit disclaimer will be included unless it is clear from the context that the author is not representing the University. An example of a simple disclaimer is: "the opinions expressed are my own, and not necessarily those of my employer."

Individuals must not send, forward or receive confidential or sensitive University information through e-mail unless the information is appropriately encrypted or password-protected. Please note that if using a password, it must not be transmitted along with the password-protected file. It is best to call the individual and give them the password over the phone.

Individuals must not send, forward, receive or store confidential or sensitive University information utilizing non-UTEP accredited mobile devices. Examples of mobile devices include, but are not limited to, Personal Data Assistants, two-way pagers and cellular telephones.

Employees must exercise utmost caution when sending any e-mail from inside the University to an outside network. Unless approved by the ISO, UTEP e-mail will not be automatically forwarded to an external destination. Sensitive information, as defined in the Information Security Policies, will not be forwarded via any means, unless that e-mail is critical to business and is encrypted or password-protected in accordance with the Acceptable Encryption Policy.

8.0 Disciplinary Actions

Violation of this policy may result in disciplinary action that may include termination of employees or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of UTEP Information Resources access privileges and may face civil and criminal prosecution.

All personnel are responsible for managing their use of Information Resources and are accountable for their actions relating to Information Resources security. Personnel are also equally responsible for reporting any suspected or confirmed violations of this policy to the appropriate management.

The use of Information Resources must be for officially authorized business purposes only. There is no guarantee of personal privacy or access to tools such as, but not limited to e-mail, web browsing, and other electronic discussion tools. The use of these electronic communication tools may be monitored to fulfill complaint or investigative requirements.

Departments responsible for the custody and operation of computers shall be responsible for proper utilization of Information Resources under their control, as well as the establishment of effective use methods, and providing any required reports to management. Departments must provide adequate access controls in order to monitor systems to protect data and programs from misuse in accordance with the needs defined by owner departments. Access must be properly documented, authorized and controlled.

The user must keep any data used in an Information Resources system confidential and secure. The fact that the data may be stored electronically does not change the requirement to keep the information confidential and secure. Rather, the type of information or the information itself is the basis for determining whether the data must be kept confidential and secure. Furthermore, if this data is stored in a paper or electronic format, or if the data is copied, printed, or electronically transmitted the data must still be protected as confidential and secured appropriately.

All computer software programs, applications, source code, object code, documentation and data shall be guarded and protected as if it were state property.

All commercial software used on computer systems must be supported by a software license agreement that specifically describes the usage rights and restrictions of the product. Personnel must abide by all license agreements and must not illegally copy licensed software. The Information Resources Manager (IRM) through the Information Technology Division reserves the right to remove any unlicensed software from any computer system at any time.


9.0 Security and Proprietary Information

The user interface for information contained on Internet/intranet/extranet-related systems should be classified as either confidential or not confidential, as defined by the Public Information Handbook, Office of the Attorney General, State of Texas. Employees should take all necessary steps to prevent unauthorized access to confidential information. Keep passwords secure and do not share accounts. Authorized users are responsible for the security of their passwords and accounts. System-level passwords should be changed every 90 days; user-level passwords should be changed every year.

All PCs, laptops and workstations should be secured with a password-protected screensaver with the automatic activation feature set at 10 minutes or less, or by logging-off when the host is expected to be left unattended. Encrypt information in compliance with the Acceptable Encryption Use Policy. Because information contained on portable computers is especially vulnerable, the Office of Information Security encourages the use of multi-passwords if available, encryption of the hard disk contents, and physical cables or locks attached to the computer.

Postings by a UTEP employee to newsgroups should contain a disclaimer stating that the opinions expressed are strictly his/her own and not necessarily those of UTEP, unless posting is in the course of business duties. All hosts used by the employee that are connected to the University network, whether owned by the employee or the University, shall be continually executing approved virus-scanning software with a current virus database unless overridden by departmental policy. Employees must use extreme caution when opening e-mail attachments received from unknown senders as they may contain viruses, e-mail bombs, or Trojan horse code.

10.0 References

The University of Texas System Information Resources Use and Security Policy
Copyright Act of 1976
Foreign Corrupt Practices Act of 1977
Computer Fraud and Abuse Act of 1986
Computer Security Act of 1987
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The State of Texas Open Records Act
Texas Government Code, Section 441
Texas Administrative Code (TAC) S202
IRM Act, 2054.075(b)
The State of Texas Penal Code, Chapters 33 and 33A
DIR Practices for Protecting Information Resources Assets
DIR Standards Review and Recommendations Publications Revision History
The University of Texas at El Paso Information Security Policies

11.0 User Acknowledgment

I acknowledge that I have received the University of Texas at El Paso Acceptable Use Policy. I have read the Policy and understand that I must comply with the Policy when accessing and using Information Resources and my failure to comply with the Policy may result in cancellation of my privilege of use, appropriate disciplinary action, and action by law enforcement authorities.