Appropriate Use of Information Technology Resources (PS-08-003.2)
PS-08-003.2 Appropriate Use of Information Technology Resources
Issue Date: 3/20/2008
Revision Effective Date: 7/1/2018
Review Date: 12/1/2020
State of Georgia information technology resources are provided to authorized users to facilitate the efficient and effective performance of their duties. The use of such resources imposes certain responsibilities and obligations on users and is subject to state government policies and standards and applicable state and federal laws. It is the responsibility of users to ensure that such resources are not misused.
SCOPE, AUTHORITY, ENFORCEMENT, EXCEPTIONS
See Enterprise Information Security Charter (Policy)
State information technology resources are tools to be used to facilitate the execution of official state business. All use of such resources imposes certain responsibilities and obligations on all users and is subject to state government policies and standards and applicable state and federal laws. All users of State information technology resources shall refrain from inappropriate use (as defined in Terms and Definitions) of such resources at all times, including during breaks or outside of regular business hours.
Users of state information technology resources shall receive and sign acknowledgement indicating that users have read, understand, and agree to abide by the rules of behavior, before state agencies grant access. State agencies shall review and update rules of behavior as appropriate and require users who have signed previous versions of the rules of behavior to read and re-sign when the rules of behavior are revised/updated.
RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES
- Appropriate Use and Monitoring (Standard)
- Electronic Communications Accountability (Standard)
- Email Use and Protection (Standard)
- NIST Computer Security Resource Center- http://csrc.nist.gov/
- NIST SP 800-53 Controls
TERMS and DEFINITIONS
Information Technology Resources or IT Resources means hardware, software, and communications equipment, including, but not limited to:
personal computers, email, internet, mainframes, wide and local area networks, servers, mobile or portable computers, peripheral equipment, telephones, wireless communications, public safety radio services, facsimile machines, technology facilities (including but not limited to: data centers, dedicated training facilities, and switching facilities), and other relevant hardware and software items as well as personnel tasked with the planning, implementation, and support of technology.
Inappropriate use includes (but is not limited to) actual or attempted misuse of information technology resources for:
- Conducting private or personal for-profit activities. This includes use for private purposes such as business transactions, private advertising of products or services, and any activity meant to foster personal gain;
- Conducting unauthorized not-for-profit business activities;
- Conducting any illegal activities as defined by federal, state, and local laws or regulations;
- Creation, accessing or transmitting sexually explicit, obscene, or pornographic material;
- Creation, accessing or transmitting material that could be considered discriminatory, offensive, threatening, harassing, or intimidating;
- Creation, accessing, or participation in online gambling;
- Infringement of any copyright, trademark, patent or other intellectual property rights;
- Performing any activity that could cause the loss, corruption of or prevention of rightful access to data or the degradation of system/network performance;
- Conducting any activity or solicitation for political or religious causes;
- Unauthorized distribution of state data and information;
- Attempts to subvert the security of any state or other network or network resources;
- Use of another employee’s access for any reason unless explicitly authorized;
- Attempts to modify or remove computer equipment, software, or peripherals without proper authorization.
- Attempts to libel or otherwise defame any person
- Any use identified by the agency owning or contracting for the information technology resource as inappropriate use.