Catalog of Inappropriate & Unacceptable Use of Computing Resources
The University of Oregon has an Acceptable Use Policy (AUP). The requirements for acceptable use of UO Computing Resources outlined in this policy are guided by the following general principles:
- UO Computing Resources are intended to enable the university's research, instructional, administrative, and service-related functions. Uses beyond these functions must comply with existing university policies and procedures as well as state and federal law.
- UO Computing Resources are to be used and supported to ensure data confidentiality, integrity, and availability.
- Each user is expected to comply with UO Information Security policies and standards; and take necessary precautions as outlined in UO Information Security policies, standards, and guidelines to safeguard UO Computing Resources and to report policy violations or suspected security incidents.
- Each user is expected to use UO Computing Resources responsibly and to be considerate of other users of shared resources.
- Subject to law and applicable policy, authorized university personnel with a demonstrably legitimate need may access an individual’s specific UO Computing Resources to fulfill their official professional responsibilities (e.g., conducting security incident investigations by IT staff). See “Access and Review” below.
The entries in this document represent events, actions or behaviors that do not comply with the appropriate and acceptable use of UO Computing Resources.
As the university encounters new situations that require an evaluation as to whether they are in accordance with the principles stated above, the Information Security Office (ISO) staff and the Information Security and Privacy Governance Subcommittee (ISP-GC) will review the merits and render a decision. If the evaluation finds them unacceptable, they will be logged into this document and tagged with the date of the finding. This analysis will not preclude the university from acting promptly to ensure the protection of the confidentiality, integrity and availability of university data and computing resources.
If the analysis finds the action follows the principles of the AUP, it will be logged into the Catalog of Appropriate & Acceptable Use of Computing Resources.
Inappropriate & Unacceptable Use Entries
| Entry Date | Activity Description |
|---|---|
| 12/10/25 | Searching for and attempting to circumvent or exploit information system security flaws in UO Computing Resources without the express permission of the Information Security Office (e.g., using tools such as vulnerability scanners, penetration testing, password crackers, packet sniffers, social engineering techniques such as phishing, or other hacking tools). |
| 12/10/25 | Performing intentional and/or malicious excessive use of UO Computing Resources that substantially interferes with the university's mission. |
| 12/10/25 | Sharing your personal, or individual non-person, account access credentials such as passwords or tokens with another person, including but not limited to your IT support staff, Information Security Office staff, supervisors, your staff, family or friends. |
| 12/10/25 | Storing or processing UO data in information systems that do not comply with university security policies, standards, and controls or that violate applicable regulatory requirements. |
| 12/10/25 | Attempting to impersonate, intercept, alter, or monitor another User’s communications or files without their permission or an approved business need. |
| 12/10/25 | Taking deliberate actions that significantly disrupt university operations, violate confidentiality agreements, or significantly increase the risk of causing a security incident. |
| 12/10/25 | Attempting to locate data on UO Computing Resources for which the User does not possess a justifiable business reason for attempting access. Technical ability to access data does not automatically confer authorization to access said data without a valid business justification. Attempts to access data may include, but are not limited to, the following:
|
| 12/10/25 | Using email, social networking sites or tools, text messaging (SMS, video, picture, audio or other media messaging provided via mobile phone) or other messaging services in any inappropriate manner including, but not limited to, usage:
|
| 12/10/25 | Using UO Computing Resources to gain unauthorized access to, or in any way compromise the security of, any UO or non-UO person, computer systems or services. |
| 12/10/25 | Using UO Computing Resources to violate UO policies, standards and guidelines, state and federal laws, and contractual agreements. |
| 12/10/25 | Transmit commercial or personal advertisements, solicitations, endorsements or promotions unrelated to the business of the university or in violation of other university policies. |
| 12/10/25 | Send, receive or store legally restricted and/or confidential information via means not approved by the information security office (e.g., usage of unapproved cloud-based storage). |
| 12/10/25 | Access, transmit or otherwise use illicit or inappropriate material (e.g., child pornography, drug sales, etc.) through email, internet traffic or by any other means through the use of UO Computing resources. |
| 12/10/25 | Knowingly introduce any computing device to the university network that is infected with malware (or suspected to be otherwise compromised). |
| 12/10/25 | Using generative AI tools (e.g., ChatGPT, Gemini, Copilot, or other LLMs) to perform malicious or inappropriate actions, or to generate malicious, inappropriate or illegal material. |
| 12/10/25 | Using any AI-based tools and services that have not been explicitly authorized by UO Information Services to handle UO proprietary information. Authorizations are not transferable from one user to another. Authorization for the use of AI-based services will include a combination of all the following:
|
| 12/10/25 | Using public cloud platforms (e.g., AWS, Microsoft Azure, etc.) to store or process university's proprietary data without explicit authorization from UO Information Services. |
Revision History
| Version | Published | Author | Description |
|---|---|---|---|
| 1.0 | 12/10/2025 | Information Security Office (ISO) | Original Publication |