Information Technology Policy


Access to Information Technology Facilities

Access to Information

Glossary of Terms

  • Governing Principles
    1. In support of its essential mission to enhance educational, economic and cultural opportunities for the people of West Kentucky, Murray State University offers information technology resources to its students, faculty and staff. These resources contribute to the work of all members of the University community. They advance the scholarly pursuit of knowledge and those administrative functions necessary for the operation of the University.
    2. Users of the University's information technology facilities are required to comply with and be subject to the MSU Information Technology Policy, the University's policies found in the Personnel Policies and Procedures Manual, and all relevant federal and state statutes. The University reserves the right to amend these policies at any time without prior notice.
    3. This policy is intended to help set the tone for information technology and for the use of technology resources at Murray State University. The University's priority of academic excellence established the basic priority for Information Technology utilization. this priority must be maintained in appropriate balance with operational requirements (such as registration) and the requirements to use the University resources efficiently. all information technology users are expected to demonstrate respect for the rights of other users and to promote fair use by all so as to guarantee necessary access to all.
    4. User access to information technology resources is contingent upon prudent and responsible use.
  • Authorization and Equity of Access
    1. University information technology resources are provided to faculty, staff, and students for the purposes of study, research, service and other work related activities. Access to information technology resources is granted to a individual by MSU for that individual's sole use, which use must be in furtherance of the mission and purpose of the University. Information technology resources must be shared among users in an equitable manner. The user may not participate in any behavior that unreasonably interferes with the fair use of information technology resources by another.
  • Acknowledgement of Receipt Authorization
    1. Signature on an account application form, acceptance of a user ID, or registration on line denotes that the applicant has read and understands the guidelines available and also denotes acceptance of the above stated terms of use.
  • Priority for Access
    1. The priority for information technology access is teaching and learning, service, research and administrative priorities will be determined as they support teaching and learning.

Security of University Information Technology Resources

  • Protection of Information Technology Resources and Institutional Data
    • To protect the integrity of the University's information technology facilities and the users thereof against unauthorized or improper use of those facilities, MSU reserves the right, without notice, to temporarily limit or restrict any individual's use and to inspect, copy, remove, or otherwise alter any data, file, or system resource which may undermine the authorized use of any information technology facility. Policy violations will be reviewed under the guidelines established in Article IV, Violations.
  • Investigation and Review of Policy Infractions

1.    University sanctions are imposed by the appropriate university authority and may include, but are not limited to, limitation or revocation of access rights and/or reimbursement to the university for the technology and personal charges incurred in detecting and proving the violation of these rules, as well as from the violation itself. See Article IV, Violations, for a complete discussion of sanctions and appeals.

2.    Users must use only those information technology resources which the University has authorized for their individual use. The unauthorized use of information technology resources as well as the providing of false or misleading information for the purpose of obtaining access to information technology facilities is prohibited and may be regarded as a criminal act and treated accordingly by the University. User's must not use University information technology facilities to gain unauthorized access to other institutions, organizations, or individuals.

3.    Failure to comply with one or more of the specific requirements of this policy may jeopardize access or use of Murray State facilities and services and could result in a review and investigation into the identified violation.

4.    Supervisors of systems and facilities have the authority to immediately terminate any program or access that is deemed to be inappropriate or detrimental to operations.

  • Control and Licensing of Software

1.    All users are expected to comply with copyright laws that make duplication of copyright-protected materials a crime.

2.    Users may not copy, distribute, display, or disclose third party proprietary software without prior authorization from the licenser. Proprietary software must not be installed on systems not properly licensed for its use. The University does not condone or authorize the copying or possession of illegal software. University students and employees are prohibited from copying software illegally and possessing illegal copies of software, whether for course-related, job-related, or private use. Any violations of this policy or of copyright law are the personal responsibility of the user. The University assumes no liability for such acts.  MSU Information Systems will only support users who can demonstrate that software was obtained legally.

3.    Any user who suspects or has actual knowledge of illegal distribution, costs, display or disclosure of third party proprietary software must immediately report this activity to the University Information Systems staff. Failure to report such activity will be considered a violation of the Information Systems Policy and will be reviewed under the guidelines of Article IV, Violations.

  • Individual Privacy

1.    Users are authorized to access, use, copy, modify, delete or grant others access rights to their personal files or data, as specified in this policy. However, users are not authorized to perform any of these functions on another user's account or a University system unless specifically authorized by the account holder, job description, the Chief Information Officer, or designee, or the appropriate system administrator.

2.    Users may not monitor another user's data communications.

3.    User privacy is not to be violated. All users will be protected from unauthorized activity by a system administrator or any other employee of Information Systems.

4.    Failure to protect the privacy of others by intentionally or unintentionally permitting access to systems or data is unacceptable. Examples of violations of this requirement include:

      • Leaving confidential or protected information on a screen where it could be viewed by unauthorized individuals.
      • Giving a personal password to someone else
      • Leaving a personal password where it can easily be found
      • Allowing someone to use a terminal signed on under a personal password
      • Knowingly failing to report a personal password that has been used by another person, with or without permission
      • Leaving a public PC or terminal signed on and unattended
  • Confidentiality

1.    Releasing any personal or confidential information of the University, staff, faculty, or students with or without accessing authorization, may violate state and federal law and will not be tolerated. Failure to protect confidential information is unacceptable.

2.    Users may be charged with a violation if someone uses their accounts with permission and violates policy. Users are responsible for their information technology accounts, and should maintain secure passwords for systems that support them and take precautions against others obtaining access to their information technology resources.

  • General Security
    • General security infractions include, but are not limited to, the following:

1.                  Using information technology resources for remote activities that are unauthorized at the remote site

2.                      Causing computer failure through an intentional attempt to "crash the system" or through the intentional introduction of a program that is intended to subvert a system, such as a worm, virus, Trojan horse, or one that creates a "trap door"

3.                      Intentionally obscuring, changing, or forging of the date, time, physical source, logical source, or other label or header information on electronic mail, files or reports.

4.                     Intercepting transmitted information without prior written authorization from MSU Information Systems or the appropriate system administrator

5.                       Performing an act which will adversely impact the operation of computers, terminals, peripherals, or networks. This includes, but is not limited to, tampering with components of a local area network (LAN) or the high speed backbone network, otherwise blocking communication lines, or interfering with the operational readiness of a computer

Ethical Practices

  • Expectations
    • All users of Murray State's technological facilities, equipment, and services are expected to conduct themselves in a legal, professional, fair, considerate, and ethical manner. Each individual should use all equipment safely and should help to keep all equipment clean and in good operating condition.
  • Protection and Maintenance of Equipment

1.    Protection and maintenance of equipment includes, but are not limited to the following:

      • Having only technically trained staff perform installations
      • Using only approved wiring, cable, connection, phone lines, and modems
      • Plugging all equipment into an Underwriter's Laboratory approved surge protector or universal power source
      • Locating equipment so that ventilation grids are not blocked
      • Keeping food and beverages away from equipment
      • Scheduling routine maintenance
      • Protecting equipment from extreme heat or cold, excessive humidity, smoke, dust, overloaded circuits, stressed or worn cords, or any other potentially damaging situation

2.    Equipment, software, tools, supplies, etc., are not to be removed from their assigned locations without written authorization from the administrator responsible for those items.

3.    Repair or replacement of any item damaged when used for purposes other than those related to University functions or when used without authorization will be at the user's expense. Unpaid debts incurred in this manner will be handled in accordance with the usual Accounting and Financial Services procedures.

  • Harassing, Offensive, Profane, and Abusive Material
    • Utilization of University equipment and services is only for acceptable forms of communication. it is important to note that the perception or reaction of the recipient is a major factor in determining if a specific communication is harassing, offensive, profane or abusive. Various federal and state laws and University policies apply to this requirement. Written or verbal electronic communications may not include words, statements, or illustrations, which are intended to be or which may be reasonably perceived as harassing, patently offensive, profane or abusive.
  • Commercial Use
    • University information technology resources may not be used for personal financial benefit or commercial profit. The user may not use information technology resources for any commercial purpose without prior written authorization from the Chief Information Officer, or designee, or the appropriate system administrator. Any exception to this policy must be negotiated with and authorized by the Chief Information Officer.
  • Network Utilization and Access
    • The MSU Network and the Internet should never be used for purposes intended to incite crime or for individual profit.
  • Regulations
    • The user may not use computing resources for any illegal or unauthorized act. In particular, the user may not use computing resources to violate any state or federal laws or any of the regulations specified in other official university documents.
    • All users must comply with all Federal regulations, Kentucky statutes, and Murray State policies and procedures as they relate to conduct, actions, use, communication, and access.

Section IV, Violations

  • Review of Reported Violations
    • Violations should be reported to the faculty/immediate supervisor of the individual, the Chief Information Officer, or the administrator responsible for the system, function, data service, etc., that was breached or misused. that individual will determine the seriousness of the infraction and will do one or more of the following:
      1. Warn the individual, accompanied by retraining on all relevant technology policies
      2. File a formal Employee Disciplinary Report (EDR), if the individual is an employee; (This action places the infraction under an existing disciplinary policy and process as described in the Murray State University Personnel Policies and Procedures Manual.)
      3. Suspend access for the individual for a set period of time, accompanied by a requirement for retraining on this policy before regaining access
      4. Permanently suspend access to Murray State information technology resources
      5. Formally write up the infraction, if a student, and submit report to the Vice President for Student Affairs for disposition under the current Student Disciplinary Policy
      6. Consult with the University attorney, if any federal or state statute has been violated, to determine any legal action to be taken
      7. Refer complaints of harassment or discrimination to the affirmative action office in the President's Office
      8. For any individuals outside of the immediate University community, send a written notice of the infraction to the employer, principal, or organization that initiated access for that person
  • Procedure for Appeal
    • Appeals of actions taken will come under existing appeal procedures for staff, faculty, and students. All other appeals will go to the Vice President for Administrative Services for disposition.

Administration of Policy

  • General Caveats
    • Subject to other federal, state, and University policies
      • The guidelines presented here reflect U. S. Copyright Law, Kentucky statutes, federal laws, and other University policies. Information Systems will keep current copies of the pertinent federal and state statutes available for reference.
      • Violation of this policy will result in action by the appropriate University office or agency. Violations of KRS Chapter 434 (Kentucky statutes dealing with unlawful access or use of a computer) may be referred to the Commonwealth Attorney or the appropriate state authorities for investigation and/or prosecution. Similarly, violations of 18.U.S.C. Sec. 1030 (Federal laws dealing with unlawful access or use of computer) may be referred to the Federal Bureau of Investigation. Sanctions for violation of these state and federal laws may be as severe as a $50,000 fine and/or up to five years in jail.
  • Procedure for Development, Review and Modification of this Policy

1.    The Policy Review Subcommittee of the Information Technology Advisory Committee will be a standing body comprised of at least four members of the larger committee in addition to the Chief Information Officer. The Policy Review Subcommittee will meet at the call of the Chief Information Officer.

2.    Proposals for new policies and/or modifications to existing policies will be forwarded through the appropriate lines of communication to the Chief Information Officer. The Chief Information Officer will coordinate the exploration of any proposed policy changes with all concerned areas. These proposals and comments from all concerned will then be brought before the ITAC Policy Review Subcommittee by the Chief Information Officer with a recommendation for implementation.

  • Communication of Policy
    • Signature on an account application form, acceptance of an user ID, or registration on line denotes that the applicant has read and understands the guidelines for on-line use and also denotes acceptance of the responsibility to comply with the Information Technology Policy. In addition to the locations indicated below, this policy is also accessible through MSU's Web page.

1.                  Faculty

        • The policy will be available to all current faculty members as information included in the faculty handbook.
        • The policy will be communicated to all new faculty as part of the new employee orientation. New employees will be required to acknowledge this policy when securing an account.

2.                      Staff

        • New staff members will receive the policy as part of the new employee orientation training session. Employees will be required to acknowledge this policy when securing an account.

3.                      Students

        • This policy will also be available in all computing labs across campus. Applicable portions of this policy will be included in the Student Life Handbook and the Graduate and Undergraduate Bulletins.
        • Acceptance of a user ID is acknowledgement of these policies and their authority.
  • Other Information Technology Policies
    • Departments with their own information technology labs will adhere to the same general operating guidelines as established by this policy.

| MSU Home Page | Search | CampusWeb Home |

Created and maintained by Information Systems
Murray State University.
Last updated June 11, 2003, ©Murray State University, 2003