1. University Wide Policy Library
  2. Administration and Operations
  3. Cybersecurity Policy for the use of Digital Assets by Guests

Cybersecurity Policy for the use of Digital Assets by Guests

Final Approval Body: Senior Leadership Team
Senior Administrative Position with Responsibility for Policy: Vice-Principal, Finance and Administration
Date Initially Approved: November 2025
Date of Last Revision, if applicable: N/A 

Definitions

A complete glossary of technology and cybersecurity related terms and acronyms will be maintained in the Digital Information Security Glossary of Terms and will be made available to all community members and guests.

 

  • Digital Assets: Discrete or aggregated data, digital services, digital identities, digital technologies, and endpoints within the information technology environment, both on and off University premises, that are provided by the University or purchased using university funds. [Queen’s specific]
  • Endpoints: Client access devices, including, without limitation, laptops, desktops, and mobile devices. Endpoints may be personally owned, or provided by the University (i.e., purchased using University funds). [Queen’s specific]

Purpose

The purpose of the Cybersecurity Policy for Guests is to establish responsibilities of visitors and other invitees (“guests”) as they use and interact with digital assets operated by, or on behalf of, the University. By fostering responsible and ethical use, this policy ensures that guests can fully leverage these assets. Additionally, the Policy helps to mitigate the risk of cybersecurity incidents, safeguarding both the guest and the University's digital environment.


This policy contributes to a safe and supportive digital environment where guests can engage respectfully with our community, explore shared resources, and express diverse perspectives without fear of external interference or unwarranted restrictions. By adhering to responsible and ethical use of digital assets, guests help uphold the conditions necessary to support Indigenous rights to self-determination and cultural continuity and contribute to a community where all voices are valued and respected.

Scope

The Cybersecurity Policy for Guests is designed to support guests of and visitors to the University as they access and use digital assets operated by, or on behalf of, the University by clearly defining their responsibilities related to ensuring a cybersecure digital environment. Guests include:

  • Visitors
  • Collaborators
  • Vendors
  • Invitees

Acceptable use of University Digital Assets 

Guests are welcome to use digital assets operated by, or on behalf of, the University for their intended purpose. Usage must:

  • be responsible, ethical, and legal,
  • be consistent with the ֱ, values, and strategic goals of the University,
  • comply with applicable University Policies and other governance instruments,
  • be considerate of the rights of other community members and guests,
  • not cause harm to the University.

Responsibilities

Access Control
Guests may only access and use digital assets operated by, or on behalf of, the University to which they have explicitly been granted perֱ, including, without limitation, digital identification and authentication credentials issued explicitly to them by the University (“credentials”).
Identification and Authentication
Guests may be required to select a password or passphrase as the knowledge factor for credentials that have been issued to them by the University, that password or passphrase must comply with minimum password complexity requirements. By following , and selecting strong passwords or passphrases, guests contribute to the security of their accounts and the University's digital environment.
Guests are responsible for protecting their password or passphrase and must not share or disclose it to anyone.
System and Information Integrity
Guests are responsible for protecting and maintaining the personal endpoints that they use to connect to university wireless networks, or other University digital assets. It is strongly encouraged that:

  • The endpoint operating system and other software are intended for use on the endpoint. Software versions are supported by the manufacturer or vendor, and recent updates and security patches are installed,
  • Protection software that detects and prevents malware and other unwanted software is installed and up to date,
  • The endpoint operating system firewall is active and configured.

Prohibited use of University Digital Assets

To ensure a safe and respectful digital environment, guests are encouraged to use digital assets operated by, or on behalf of, the University responsibly. To protect the integrity and security of our online community, the following actions are not permitted:

  • Attempting to gain access to or use digital assets to which explicit perֱ has not been granted, including credentials not issued explicitly to the guest by the University.
  • Sending unsolicited electronic messages, commercial or otherwise, while connected to the university network. For more information about unsolicited commercial electronic messages and relevant legislation and regulations, please review the guidance on the Canadian Anti-Spam Legislation (CASL) at Queen’s University web page.
  • Using peer-to-peer file sharing technologies and networks (such as BitTorrent) to download or share content.
  • Using digital assets in a manner that .
  • Using digital assets in a manner intended to deceive, including impersonating the University, any member of the university community, or any other person or entity; giving the impression of representing or being endorsed by the University or any other institution or organization if this is not the case; misrepresenting identity or affiliation in any way.
  • Using digital assets in a manner that disables, overburdens, impairs, or damages the university network or any other university digital asset; restricts, inhibits, or interferes with the use of university digital assets by any other community member or guest; deliberately propagates a virus, malware, or any other malicious code.
  • Using technologies on the university network that automates the enumeration of entities or monitor or collect network activity and data from the university network, including network, port, or security scanning; robots or spiders; network sniffing; keystroke logging.

Assurance 

Suspected violation of this Acceptable Use Policy may result in the implementation of containment measures. Containment measures may include, without limitation:

  • Disabling access to university digital assets,
  • Disabling credentials,
  • Isolating or removing a client access endpoint from the network.

Violation of this Acceptable Use Policy may be referred to an appropriate authority for investigation and may result in disciplinary action at the discretion of said authority.
 

Related Policies, Procedures, Guidelines: Responsible Use of Digital Resources Policy
Policies Superseded by this Policy: Acceptable Use Policy for Guest Network Access
Responsible Officer: The Associate Vice-Principal (Information ֱ Services) and Chief Information Officer
Contact: Information Security Officer 
Date for Next Review: 2030