| |
Security Rule - Specific Rules on Non-Acceptable Use of Electronic Resources
Background
Administrative Safeguards
Physical Safeguards
Technical Safeguards
User Responsibilities
Acceptable Uses of Electronic Resources
Specific Rules on NON-Acceptable Use of Electronic Resources
The following specific uses of VCU Health System computing resources are not allowed. This is not a complete list of prohibited practices, but is intended to illustrate the general standards involved with the use of computers. Additional specific prohibitions may be enforced for individual computer systems or networks or departments.
The following activities and behaviors are prohibited:
• Misrepresentation (including forgery) of the identity of the sender or source of an electronic communication;
• Acquiring or attempting to acquire passwords of others;
• Using or attempting to use the computer accounts of others;
• Alteration of the content of a message originating from another person or computer with intent to deceive;
• The use of computer resources or electronic information without or beyond one's level of authorization;
• The interception or attempted interception of communications by parties not explicitly intended to receive them;
• Making Health System computing resources available to individuals not affiliated with the VCUHS without approval of an authorized official;
• Making available any materials the possession or distribution of which is illegal;
• Unauthorized access, possession, or distribution, by electronic or any other means, of electronic information or data that is confidential;
• Intentionally compromising the privacy or security of electronic information; and revealing passwords or otherwise permitting the use by others (by intent or negligence) of personal accounts for computer and network access;
• Altering or attempting to alter files or systems without authorization;
• Unauthorized scanning of networks for security vulnerabilities;
• Attempting to alter any Health System computing or networking components (including, but not limited to, bridges, routers, and hubs) without authorization or beyond one's level of authorization;
• Unauthorized wiring, including attempts to create an unauthorized network connection, or any unauthorized extension or re-transmission of any network services;
• Intentionally damaging or destroying the integrity of electronic information;
• Intentionally disrupting the use of electronic networks or information systems;
• Intentionally wasting human or electronic resources; and
• Negligence leading to the damage of VCUHS electronic information, computing/networking equipment and resources.
|
|
