Acceptable Usage of Information Resources Policy
Published: March 2010
Revised: March 2018
This Policy establishes the accountability of all Users (as defined in the OMG Information Security Charter (the “Charter”) https://www.omahamediagroup.com/isc) of OMG’s Information Resources. It addresses the confidentiality, integrity and availability of such Resources in support of the OMG missions, codifies appropriate usage and establishes the need for Users to respect the rights of others and to be in compliance with other OMG policies, policies of external networks and resources, and all applicable federal, state and local laws and regulations.
The OMG Information Resources are provided to support the creative development missions of OMG and their supporting creative management functions. Inappropriate use of these Information Resources threatens the atmosphere for the sharing of information, the free exchange of ideas and the security of an environment for creating and maintaining Information Resources.
This Policy applies to the access and use of the OMG Information Resources, whether originating from OMG or non-OMG Information Resources, including personal computers, as well as the access and use of Information Resources provided by research sponsors to, or leased or hired by, OMG Users.
Additional terms apply to the use of email at the OMG, as described in the OMG Email Usage Policy http://www.omahamediagroup.com/legal.
Capitalized terms used herein without definition are defined in the Charter.
II. Policy History
- The effective date of this Policy is March 30, 2010.
- Reviewed and/or revised March 14, 2018.
III. Policy Text
A. Privacy Expectations
OMG respects the privacy of individuals and keeps User files and emails on central OMG Systems as private as possible. However, to protect the integrity of its Information Resources and the rights of all Users, the OMG reserves the right to monitor access to Information Resources, communications on the OMG Network and use of Systems and Data, as described in more detail in the Section III(C) of the Charter.
For reasons relating to compliance, security or legal proceedings (e.g., subpoenas) or in an emergency or in exceptional circumstances, the Office of the General Counsel may authorize the reading, blocking or deleting of Data. In particular, in the context of a litigation or an investigation, it may be necessary to access Data with potentially relevant information. Any such action taken must be immediately reported to the Office of the General Counsel and the applicable Information Security Office.
B. Prohibited Actions
No User of Information Resources may take any of the following actions:
- Use Information Resources in violation of the Information Security Policies;
- Violate any institutional policies or procedures or use Information Resources for unethical, illegal or criminal purposes;
- Violate the privacy of co-workers, subcontractors, affiliates, or clients;
- Violate the rights of any person protected by copyright, trade secret, patent or other intellectual property or similar laws and regulations (i.e., installing or distributing pirated or other inappropriately licensed software);
- Copy, distribute or transmit copyrighted materials unless authorized;
- Obstruct OMG work by consuming excessive amounts of Network bandwidth and other System resources or by deliberately degrading performance of a computer;
- Create any program, web form or other mechanism that asks for a OMG user identity and password other than user authentication mechanisms authorized by the applicable Information Security Office;
- Intimidate, harass, threaten or otherwise do harm to other Users or internal or external Information Resources;
- Transmit materials in violation of the OMG’s sexual harassment, hostile workplace or protection of minors policies;
- Make offers of products, items or services that are fraudulent;
- Intentionally cause a security incident (e.g., log into an account or access Data that the User is not authorized to access, etc.); 3
- Intercept or monitor Data not intended for the User unless specifically authorized by the applicable Information Security Office;
- Attempt to avoid the User authentication or security of Systems or Endpoints;
- Allow any unauthorized person to use institutional computers for personal use;
- Violate the policies of external networks and resources while using such external resources;
- Create or intentionally release computer viruses or worms or otherwise compromise a computer;
- Engage in frivolous, disruptive or inconsiderate conduct in computer labs or terminal areas;
- Use a OMG network to gain unauthorized access to a System or Data or escalate privileges on a System; or
- Use OMG electronic information resources for commercial purposes, except where explicitly approved. Prohibited uses include but are not limited to: development of programs, data processing or computations for commercial use, preparation and presentation of advertising material, or the running of a server connected to the OMG network.
C. Required Actions
Each User of Information Resources must take the following actions:
- Ensure that his/her account or password is properly used and is not transferred to or used by another individual;
- Log off from a System or Endpoint after completing access at any location where such System or Endpoint may potentially have multiple Users;
- Ensure that Sensitive Data is protected with a password and encrypted while in transit or storage;
- Report the loss or theft of any Endpoint or System containing Sensitive Data in accordance with the OMG Electronic Data Security Breach Reporting and Response Policy https://www.omahamediagroup.com/isc;
- Use OMG Email Systems only in compliance with the OMG Email Usage Policy https://www.omahamediagroup.com/isc; and
- Take Responsibility for any traffic that appears on the network that originates from a network jack assigned to them, or from their wireless device(s) and their wireless network(s).
In addition, it is recommended, but not required, that confidential Information be protected with a password while in transit or storage.
IV. Cross References to Related Policies
The Information Security Policies referred to in this Policy are listed in Appendix A hereto.
- Electronic Data Security Breach Reporting and Response Policy
- Email Usage Policy
- Information Security Charter