Acceptable Use of Information Resources
Overview
The University of Alaska provides information resources (like networks, apps, and devices) for its community and affiliates to support its mission of teaching, research, and public service. According to Board of Regents’ Policy, the University’s mission is to pursue truth, advance learning, and share knowledge. To manage these resources, users and administrators need to distinguish between limited-public forums (for specific topics like university business), private communication, and public forums. All use of information resources must follow applicable laws, policies, and regulations, and should not disrupt the University’s operations.
Scope
Information Security and Assurance (ISA) Standards are mandatory and apply to the University of Alaska System and all users of University of Alaska computing resources. This standard supplements and supports Board of Regents Policy & Regulation R02.07.
These standards are reviewed and approved by the CIO Management Team (CMT), a system-wide governance group consisting of each university CIO, the System CITO, and the System CISO.
Business units maintaining their own security standards should utilize this standard as a baseline and may add additional requirements or detail as appropriate for their business needs, but may not weaken any individual element of this standard without an approved Information Security Controls Exception.
This standard is periodically reviewed and updated to respond to emerging threats, changes in legal and regulatory requirements, and technological advances.
Definitions
- Information Resources
The systems and networks owned, leased, or operated by the university, as well as the software and data resident on the systems and networks
- User
An individual, including but not limited to, students, faculty, staff and affiliates, who accesses, transmits or stores data on information resources
Standard
User Responsibilities
The University of Alaska encourages a high level of digital responsibility among its faculty, staff, students and affiliates. The University community is expected to uphold the following standards of conduct in their use of University of Alaska information resources:
- Do not access or alter University information resources without authorization. Use only the information resources you are authorized to access, and only in the manner and to the extent authorized.
- Do not obtain or distribute copyrighted materials without authorization, e.g. illegal downloading of music, games, books, movies, software and other materials.
- Do not engage in activities that could compromise the integrity, security, or intended use of information resources, including (but not limited to) engaging in unauthorized financial or computational activities (e.g., cryptocurrency mining), misusing access privileges to obtain or distribute confidential information, and transferring data for personal gain or in violation of University policies.
- Do not circumvent, bypass, tamper with or disable security measures, requirements, controls or protocols in place to ensure the confidentiality, integrity and availability of University of Alaska information resources.
- Do not engage in activities which disrupt the workplace. This includes activities which impact service availability, unauthorized use of University mailing lists in a manner inconsistent with or disruptive of University of Alaska business, and interfering with the proper functioning of information resources.
- Do not threaten, harass, impersonate, or invade the privacy of any member of the University of Alaska community.
- Do not create an appearance that the University of Alaska is endorsing, affiliated with, or otherwise in support of any political candidate, position, product, or organization.
Violations and Exceptions
In an effort to perform its requirements under Board of Regents Policy & Regulation R02.07.060 to secure University Information Resources, systems and services which fail to abide by approved information security controls may be subject to the implementation of compensating controls to effectively manage risk, up to and including disconnection from the University of Alaska network or blocking of traffic to/from untrusted networks.
University of Alaska employees, students, and other affiliates who attempt to circumvent an approved information security control may be subject to sanctions or administrative action depending on their role and the nature of the violation, which:
- may result in a reduction or loss of access privileges, or the imposition of other restrictions or conditions on access privileges;
- may subject employees to disciplinary action, up to and including termination;
- may subject students to disciplinary action including expulsion according to the Student Code of Conduct procedures; and
- may also subject violators to criminal prosecution.
Requesting an Exception
The process for requesting exceptions to this or other IT Security Standards is outlined in the Information Security Controls Standard.
Implementation
OIT Information Security and Assurance is responsible for the implementation, maintenance and interpretation of this IT Standard.
Related Standards
Generative AI Security Standard
References
Regents’ Policy and University Regulation 01.01 Mission
Regents’ Policy and University Regulation 02.07 Information Resources
Regents’ Policy and University Regulation 04.10 Ethics and Conduct
Regents’ Policy and University Regulation 09.02.02 Student Code of Conduct
Alaska Executive Branch Ethics Act (PDF)
Lifecycle and Contacts
Standard Owner: OIT Information Security and Assurance
Standard Contact: Chief Information Security Officer
Phone: 907-474-5347
Email: ua-ciso@alaska.edu
Approved: January 2025
Effective: January 2025
Next Review: January 2027