Towson University (“University”) students, faculty, and staff have responsibilities and obligations regarding access to and use of University information technology ("IT") resources. Activities outsourced to off-campus entities should comply with similar security requirements as in-house activities.
Access to and use of IT Resources owned and operated by the University is granted subject to University policies, and local, state, and federal laws. Acceptable use always is ethical, reflects academic honesty, and shows restraint in the consumption of shared resources. It demonstrates respect for intellectual property, ownership of data, system security mechanisms, and individuals’ rights to privacy and to freedom from intimidation and harassment.Towson University's IT Resources are the property of the University and usage is subject to monitoring, without notice, of all activities as necessary for system maintenance, information security, as required by law and/or to support research of law violations or institutional policy. The purpose of this policy is to outline the acceptable use of IT Resources at the University.
Vice President for Administration & Finance and Chief Fiscal Officer
Office of Technology Services
All divisions, colleges, departments and operating units; University faculty, staff, and students and any other persons using IT Resources.
The University's IT Resources are the Property of the University. Access to the University’s IT resources is a privilege and must be treated as such by all users. Users are responsible for their actions and are required to:
Protect their user IDs and system from unauthorized use. Users are responsible for all activities on their user IDs or that originate from their system.
Access only information that is their own, that is publicly available, or to which they have been given authorized access.
Act responsibly and abide by all applicable laws, licenses, copyrights, contracts and other limitations on access to and/or use of restricted or propriety information. Use copyrighted software only in compliance with vendor license agreements.
Be considerate in their use of shared resources. Refrain from monopolizing systems, overloading networks with excessive data, degrading services, or excessively and/or wastefully using computer resources, such as disk space, printer paper, or other resources.
Protect sensitive non-public information contained on mobile and desktop devices from unauthorized access.
Attend annual information security awareness training as provided by the Office of Technology Services.
Use hardware and software that is appropriately licensed and in accordance with licensing agreements.
Understand that system administrators may examine electronic files, electronic mail and printer listings for the purpose of diagnosing and correcting problems with the system.
Ensure computing device(s) have the latest security software (anti-virus, personal firewalls, etc.) and patches installed and up to date at all times, except for those computers managed by OTS, such as faculty/staff computers.
Complete all required security awareness training activities (e.g., annual security awareness training for faculty and staff, etc.).
Each college, department and administrative unit is responsible for security on its computer systems in accordance with the University's policies and standards and may apply more stringent security standards than those detailed here while connected to the University’s information technology resources. Local computer system administrators are responsible for ensuring that appropriate security is enabled and enforced in order to protect the University’s information technology resources. Local computer system administrators, which are sometimes appointed at a department’s discretion, must make every effort to remain familiar with the changing security technology that relates to their computer systems and continually analyze technical vulnerabilities and their resulting security implications.
Unacceptable uses include, but are not limited to, the following:
Using another person’s user ID, or password.
Using computer programs to decode passwords or access-controlled information.
Misrepresenting your identity or affiliation in the use of information technology resources. This includes misrepresenting or implying that the content of a personal homepage constitutes the views or policies of the University.
Attempting to alter system, hardware, software or account configurations.
Launching computer-based attacks against other users, computer systems, or networks.
Connecting devices (switches, routers, wireless access points, etc.) to the network that are not approved by the Office of Technology Services.
Accessing or monitoring another individual’s accounts, files, software, electronic mail or computer resources without the permission of the owner.
Misusing the University’s computing resources so as to reduce their efficiency or to affect access to the detriment of other users.
Using IT Resources to engage in cyberbullying or harassment, or to transmit obscene or fraudulent messages.
Widespread dissemination of unsolicited or unauthorized communication messages such as email chain letters or broadcasting messages to individuals or lists of users, or producing any communication which interferes with the work of others.
Knowingly breaching or attempting to breach computer security systems, whether with or without malicious intent.
Engaging in any activity that might be harmful to systems or to any stored information such as creating or propagating viruses, worms, Trojan Horses, or other rogue programs; disrupting services or damaging files.
Violating copyright and/or software license agreements. Web pages, electronic mail and electronic files may not contain copyright material without the approval from the owner of the copyright.
Using IT Resources for commercial or profit-making, or mining of electronic currency purposes without written authorization from the University.
Disobeying lab, system, or University policies, procedures, or protocol.
Installing or operating computer games on University-owned computers for purposes other than academic instruction.
Downloading or posting to University computers, or transporting across University networks, material that is illegal, proprietary, in violation of University contractual agreements, or in violation of University policy.
Using IT Resources in violation of any local, state of federal laws.
E. Reporting Violations
All suspected violations must be reported immediately to the proper authorities. For alleged student violations, contact the Office of Student Accountability and Restorative Practices. For faculty and staff, contact your immediate supervisor. For all others, contact the Office of Technology Services Information Security.
Additionally, violations can be reported to SpeakTU at https://www.towson.edu/counsel/ethics-compliance-violations.html a 24-hour / 7 day a week hotline.
The University considers any violation of acceptable use policies to be a serious offense and reserves the right to copy and examine any files or information residing on University systems allegedly related to unacceptable use, and to protect its network from systems and events that threaten or degrade operations.
Violations may result in disciplinary action in accordance with applicable University policies, handbooks, codes and procedures. Offenders also may be prosecuted under applicable local, State and Federal laws.
Violations may result in revocation or restriction of computer and information resource privileges such as loss of access or disablement of user ids.
The Director of Information Security Officer reserves the right to audit computer and network systems on a periodic basis to ensure compliance with this policy.
TU Policy 10-5.00-Data Governance Policy
TU Policy 10-01.01 – Information Technology Security Policy
TU Policy 07-01.00, et seq. – Human Resources Policies
Code of Student Conduct
Guidelines for Responsible Computing
Data Governance Roles and Responsibilities Guidelines
Approval Date: 10/09/2010
Effective Date: 10/09/2010
Amended Date: 03/10/2021
Approved By: President’s Council 03/10/2021
Signed By: President’s Council
This online version of the policy may include updated links and names of departments. To request a PDF of the original, signed version of this policy, email the Office of the General Counsel, generalcounsel AT_TOWSON.