UNIVERSITY OF HERTFORDSHIRE ACCEPTABLE USE POLICY FOR

DEPARTMENT OF COMPUTER SCIENCE

Saad Yousaf
17055433
Table of Content:
1 Executive Summary
2 PURPOSE and Scope
3 KEY SECURITY PRINCIPLES
3.2 Availability

3.3 Integrity

3.4 Confidentiality

4 Acceptable Use Policy (AUP):

4.2 Registration

4.3 Legal use

4.4 Permission

4.5 Awareness

4.6 Non Commercial use

4.7 Log Out policy

4.8 Inform

4.9 Modification

4.10 Bring your own device

5 Unacceptable Use
5.2 Acceptable Usage

5.3 Offensive material

5.4 Discrimination

5.5 Rights

5.6 false intensions

5.7 damages

5.8 VPN

6 BYOD, Monitoring and reporting

1.Executive Summary:
Information Technology services are provided by University of Hertfordshire (UH)
for educational and business purposes in relation with of University of
Hertfordshire’s aim and interests. IT services and different Information security
services are made available to a wide range of users on conditions. All users of UH
services rather students, teachers, staff or employee must comply with this
Acceptable Use Policy.
Acceptable use of UH’s IT services is legislative, reasonable and raises no
unnecessary risks or security threats for University of Hertfordshire. Whereas,
Unacceptable use is opposite to the University’s Rules and Regulations and will be
subject to disciplinary procedures.
All the users of UH’s IT services are responsible to read and understand this
policy. This policy may be updated from time to time, to comply with lawful and
policy requirements.

2.Applicability & Scope:

This policy is applicable in all IT services administered or supported by UH,
including services provided under contract for UH’s. It is straightforwardly
addressing the use of University of Hertfordshire’s software and hardware,
network storage, personal or private data and resources and connections beyond
UH’s It also addresses the use of UH’s assets accessed via resources or Bring Your
Own Device Policy.
3.KEY SECURITY PRINCIPLES
The University of Hertfordshire has classified the following key security principles
to its Information Security Policy.
3.2 Availability:
The basic principle is availability of resources to enable Users to fulfil their
designated roles. Members of the University will have access to information and
the systems that manipulate or modify that information within the limits of the
privileges allowed to them. They are allowed to use all the equipment to do their
work which is allocated by the Department of Computer Science.
3.2 Integrity:
This principle is for those employees who work for the university. The
information provided to Members of the University should be accurate, timely
and complete so that the University can conduct its educational and business
processes effectively. University is liable to provide complete information to the
members so they may be able to use IT services or other integral services of the
University.
3.3 Confidentiality:
This is the most important principle of this policy. Confidential(Private)
information of University or its staff should only be available to those who have
been allowed to access it. However, Information that is not confidential and does
not harm sensitive data of university should be easily available without
restriction. This is the responsibility of staff members to secure university’s
privacy and confidential information.
4. Acceptable Use Policy (AUP):
4.2. Registered users which are students, faculty and employees are encouraged
to use HERTS’s IT services to further the goals and objectives of their College
related work, research and studies.
4.3. Legal use of University’s IT services. Members are not allowed to do tasks for
their leisure time.
4.4. University’s IT services are permitted for personal use but only on a
conditional basis providing it does not cause unwarranted expense, liability or
risk, or damage to reputation of University.
4.5. Every User should be aware that he is subject to any lawful regulations
applicable at a remote site when using University’s IT services, or to any
regulations governing the use of a specific application or services.
4.6. Members are allowed to use different software installed on the workstations
but are permitted to use it Commercially which is unrelated to the interests of
UH.

4.7. Log out of the computer and your workstations when you have finished your
work.

4.8. Members must inform university’s network administration or IT response

center if they note any unauthorized access to the system stations so that they
can take early measures accordingly. (ISO/IEC 27004)
4.9. Modifications to vendor supplied software is not encouraged.
4.10. Members are allowed to bring their personal electronic devices but there
should no malware, suspicious or security related threats involved.

5. Unacceptable Use:
5.2. Every user must be aware with unacceptable usage of IT services that
become threat to the University.
5.3. Transmitting, creating, storing or displaying offensive, indecent or obscene
material
5.4. Creating, transmitting or displaying of material that deliberately and
unlawfully discriminates, or encourages deliberate and unlawful discrimination,
on the grounds of race, ethnicity, gender, sexual orientation, marital status, age,
and disability, political or religious beliefs
5.5. Creating or transmitting defamatory material o Obtaining, transmitting or
storing material where this would breach the intellectual property rights of
another party.
5.6. Intentionally disabling or compromising UH’s IT security systems
5.7. Physical or other damage to IT services.
5.8 Staff and members are not allowed to use University’s information services
without university’s Virtual Private Network (VPN) service when they are using it
off campus.

6. BYOD, Monitoring and Reporting:

Members and Students are allowed to bring their personal electronic device such
as Laptop, smart phones, Tablet Pcs etc. But they need to make sure that there
should no virus, malware, suspicious or security related threat there.
They need to scan their devices in order to use universities internet and other
facilities which are available for students and staff. They can also connect with the
university’s network but cannot access university’s unauthorized access area.
The devices should be registered with the university. There must be no remote
access software installed on the device
Any registered user found to have violated this policy will be in breach of
University’s Regulations. Breaches shall be subject to initial investigation by IT
Services and should be reported to the Service Desk as a security incident or
policy breach. Breaches of this policy will also be subject to disciplinary
procedures as deemed appropriate.