|
These guidelines apply to students use of ICT-resources at the Open University of Tanzania. ICT resources at OUT include computer labs, computers, printers and other peripherals, computer software, electronically stored information, networks and ICT-systems outside OUT accessed from the OUT network. The purpose of these guidelines is to ensure that the ICT-resources at OUT are used in accordance with the goals and strategies of OUT, to prevent illegal or unacceptable activities and to protect the functionality and information stored in the ICT-resources with respect to corruption, authenticity and privacy.
Registered students and participants of short courses and seminars/workshops with a temporary user account valid for the duration of the course.
Food or drinks are not allowed in computer areas.
It is not allowed to move equipment, change configurations, open up equipment or connect/disconnect network equipment at any time.
Students should ask for assistance to adjust equipment or settings, and report problems immediately.
Students should use only their accounts and password, and protect their passwords.
Lost, stolen or problems with accounts and passwords should be reported immediately to the ICT Staff.
Students should use only software programmes authorized by the University and are not allowed to load any software or indeed to delete it.
Students are responsible for the back-up of their work. The University shall not accept any excuse for the loss/damage of the student work. Students with valued data must secure this with their personal copy on disc or other media for the purposes of high volume data storage.
Students should comply with legal and University restrictions regarding plagiarism and the citation of information resources.
Students must work in ways that do not violate the privacy of, nor interfere with, the productivity of other students or staff.
E-mail and personal use of computers shall not deprive other students of resources required for schoolwork.
Students should conserve consumable resources such as paper, ink, and diskettes.
Students should avoid giving out personal information: passwords, names, addresses, phone numbers, and credit card numbers.
Students should log off from the workstation after they have finished, and have to leave the work area tidy.
Student user accounts and storage areas will be deleted when the account expires, the standard period of study comes to an end or the student leaves the course of study. Students are responsible for making copies of data to be preserved.
Students are NOT allowed to use the University's ICT resources in inappropriate ways that :
are disruptive or intended to cause problems for other users
are illegal or libellous
interfere with the normal operations of the school's systems
incite hatred or violence
jeopardize the safety or well being of others
encourage the use of drugs
are pornographic or obscene
promote dangerous or antisocial behaviour
are threatening or insulting
would tarnish the reputation of the University
Students who participate in any of the following may be suspended from classes, or from the University. Even first time offenders may face serious consequences.
Hacking or an attempt to hack: Students are not allowed to hack or attempt to access or modify network resources for which they do not have permission, for whatever reasons. A student who engages in suspicious activities such as tampering with the University security software, ‘snooping', falsifying their identity, or hiding files, will be viewed as a security threat.
Privacy: Students are not allowed to use, attempt to access, or interfere with, another persons' private resources, such as their login, password, email, or files.
Email: Students are not allowed to email inappropriate messages.
Dishonesty: Students are not allowed to engage in activities that promote dishonesty, including plagiarism, sharing files for the purpose of cheating, or stealing the electronic work of others.
Copyright : Students are not allowed to copy and paste text, images or graphics from websites that are protected by copyright, without ‘proper acknowledgment' or permission of the owner of the intellectual property.
License: Students are not allowed to use software for which the University does not have a valid license.
Safety : Students are not allowed to post or email personal information about others that could jeopardize their security.
The activities in this category are considered serious because they are likely to interfere with the normal operations of University systems, or are harmful to members of the University community.
E-mail and other electronic information systems will, in accordance with the University's ICT policy and master plan, reduce the need for paper-based communication. The University makes available e-mail systems for use by its staff and students and encourages the appropriate use of e-mail as an alternative to paper based communication.
Use of E-mail
The e-mail systems are University property and the University reserves the right to monitor and to access any e-mail messages.
The use of e-mail for incidental and occasional personal purposes is permitted for convenience but should not be used for private confidential correspondence.
All users are responsible for ensuring that their e-mail usage is within the regulations and is ethical and lawful.
The sending of text or images that contain material of an offensive, indecent or obscene nature is prohibited.
Users (students/staff) of e-mail should be aware that the following practices are not allowed by the university:
Any use that violates University policies, standards and administrative directives.
The use of another individual's e-mail account using that individual's identity (i.e. the individual's username/password details);
Impersonation or misrepresentation of another individual;
Alterations of source or destination address information;
The use of e-mail that could result in the inadvertent commitment of the University to a contract or agreement if it appears to the other party that he/she has authority to do so;
The e-mailing of some sensitive messages, for example employment decisions;
The use of external e-mail accounts (e.g. Hotmail) for University purposes - this is due to security, sender authorisation and data protection issues. This includes auto-forwarding of university e-mail to external accounts;
The use of e-mail for personal reasons to promote or denigrate companies or organisations, or insult other staff.
Misuse of E-mail
Penalties for misuse of e-mail will depend on the seriousness of the offence, and be in accordance with current University procedures rules and regulations.
Users (staff and students) of e-mail should adhere to the following guidelines for appropriate use:
Check your e-mails regularly;
Be polite. Messages sent by e-mail can often seem abrupt, even when this is not the intention. Use professional courtesy and discretion. The use of all upper-case text in either the subject or the body of an e-mail should also be avoided as this is deemed to be the e-mail equivalent of shouting;
Do not reply “With History” if it is not necessary especially if it incorporates a large attachment.
Set the Out-of-Office flag and arrange for someone to deal with your e-mail if you are away;
Messages should be clearly addressed to those from whom an action or response is expected, "cc" or "bcc" should be used for other recipients of the message;
Use 'reply all' and distribution lists with caution in order to keep the number of your messages to a minimum and reduce the risk of sending messages to the wrong people;
Respect privacy and consider this aspect before forwarding messages;
Delete unwanted or unnecessary e-mail. It is the user's responsibility to manage their own e-mail folders and keep within the quota limits set.
Unsolicited e-mail, especially with an attachment, may contain a virus. If in doubt, delete the e-mail or contact the sender to check before opening;
Do not try to carry out confidential or sensitive tasks or air controversial views on e-mail;
Enter a meaningful 'subject' field to help the reader anticipate the content correctly, and try to keep to one subject per message;
Don't distribute other people's messages without permission;
Avoid subscribing to unnecessary mailing lists. Unsubscribe from mailing lists when they are no longer required;
E-mail transmissions and postings to electronic notice-boards should normally be limited to matters of University business.
Do not forward on e-mail "chain letters". These are e-mails which either ask you to forward them on to all your friends (or to everyone you know) or which state that something bad will happen if you do not forward them on. E-mails of this type, which are warning about something (e.g. computer viruses), are almost certainly hoaxes as well. If you are unsure about any e-mail that you've received contact the helpdesk immediately.
Group account for various departments and faculties shall be set up as and when they are required.
I nformation systems usage guidelines
OUT provides Internet/Intranet access to students and staff for university business use only. The procedures listed below will guide staff and students to determine proper business Information systems resources usage.
A staff member or a student is not allowed to share his/her account with somebody else.
The home directory for a user account must not be in the root or usr file system
Each user's home directory has write access by the user only
Any user logins that have not been used for more than three months will be terminated and the data associated with that login will be archived for a maximum of six months.
Regular review of authorised users and their privileges shall be carried out.
Group login accounts are not allowed.
Guest accounts will be deleted or disabled within a week after expiry of its validity.
Disk quotas should be assigned to each user
Time restriction i.e. times of the day, and days of the week, that a user may be logged to the system can be implemented to restrict usage of the system and resources beyond working hours. (Applicable to critical systems such as financial management systems, Exams etc.)
Retired/terminated/dismissed/suspended student or staff user accounts shall be disabled immediately.
Any authorised personal computer or laptop to be used on the system will have its own account.
Only registered personal computers and laptops can be used to gain access to the system.
All new ICT equipment should be reported by users to IET for purposes of registration.
Every account must have a password/pass phrase. Administrators require passwords for every active login without exception. The administrator shall make sure that an incorrect password is never used for an initial assignment, even if password ageing is used. Users must be informed of the proper password requirements. The importance of selecting a password that is not easily determined by others (e.g. birth date, first name).
Users are required to enter their usernames and passwords/pass phrases in order to login to the system.
User password/pass phrase length must be a minimum of six characters and a system administrator password must have a minimum of eight characters (preferably a combination of numbers and characters).
The maximum password/pass phrase lifetime will be set. A shorter period is recommended for system administrator accounts. The last 5 passwords may not be reused.
All equipment and software supplied with default passwords for predefined system accounts will have to be changed immediately upon installation or upgrade.
Administrators will restrict the use of vendor logins. The administrator may activate a password for a vendor for a specific amount of time and for limited privileges. The administrator shall keep a record of these vendor login requests in the form of a log specifying date, time, group, and purpose of use.
A unique password must be assigned to each new account and each user must change his/her password immediately when using the account for the first time.
An authorised password checker programme will be run periodically
Passwords should not be communicated via e-mails
Password ageing should be used wherever and whenever possible. The longer a static password is used, the greater the chance that it can be compromised via a password analyser, a personal watching keystrokes, etc.
Any Unix system will require a password when booting a single-user. If the console to a Unix system is not in a physically secure area, an intruder may gain root access by crashing the system and rebooting single-user. Ideally, a Unix system should boot multi-user and password should be required when booting single-user.
The password to a user's account is the key to the security of information, and more generally the integrity of the University's information systems. A user is responsible for all activities and possible misuse originating from his or her account and it is important that the password is not disclosed to anyone else, whether intentionally or accidentally.
Password should not be written down or permanently stored on a machine or in a database. Use Pass phrase which is easy to remember so that it can not be easily guessed by others.
A user should log off from his/her computer when he/she leaves even if it is for a short time. That is Do not log in and leave your computer un-attended. Remember when you log into the system, you are responsible for all transactions thereafter, up to when you log off.
If a user has forgotten his/her password or must have it reset by the administrator, he/she must do it in person. (Note: Administrator does not know users passwords and has no right to know them. He/she has only the capability of re-setting passwords).
Users are not allowed to share their identifications and passwords. If there is a requirement to grant access to an outside user, that user must follow appropriate procedures to apply for access.
Both the system and application programmes must incorporate multiple levels of password protection where possible.
When sensitive information is stored on a backup medium, precautions must be taken to ensure the storage is secure. Particular care should be taken to ensure physical security.
Access to sensitive information should be strictly controlled when temporary staff, consultant or fieldwork students are employed.
Confidential information is not to be transmitted over the Internet without proper encryption.
Transmission of harassing, discriminatory or otherwise objectionable E-mail or files (as determined by the recipient) is strictly prohibited.
Disruptive behaviour such as introducing viruses or intentionally destroying or modifying files on the network is strictly prohibited.
Any personal use of the network for commercial or illegal activity is strictly prohibited.
Transmission of any religious or political messages is strictly prohibited.
The usage of the University ICT resources should confirm to the University Mission and Vision and not otherwise.
This part of the ICT security policy and procedures applies to all users of the University ICT systems and resources. It is a violation of the said policy to fail to comply with security practices described in this part of the ICT security policy and procedures. Any user who fails to adhere to the policy and procedures will be subject to penalties and disciplinary action, both within and outside the University. Violations will be handled through the University disciplinary procedures as provided for in various rules and regulations.
The University may temporarily suspend, block or restrict access to ICT resources when it reasonably appears necessary to do so in order to protect the integrity, security, or functionality of University. The University may also refer suspected violations of applicable law to appropriate law enforcement agencies where necessary.
|