Office of the Vice President for
Administration and Finance

SECTION: INFORMATION TECHNOLOGY INDEX: G-1

SUBJECT:  COMPUTER AND INFORMATION SECURITY

POLICY

Information resources, including data, computers, networks, telephone systems, and related infrastructure, are vital assets to the university which require protection and security from intruders, malicious acts, and situations and circumstances that may affect availability of use.  The Information Technology (IT) department is responsible for developing and maintaining procedures to provide the following security measures to protect those resources:

• Log-on ID's and passwords to provide controlled, legitimate access
• Protection of software, equipment, and infrastructure
• Protection of data, including identification of confidential information
• Security Monitoring
• Disaster recovery/business continuity
• Employee training and notification of security issues

PROCEDURES

All of the following procedures will be implemented in compliance with Texas Administrative Code Rules 202.70 through 202.78.

Log-on ID’s and passwords

IT provides controlled, legitimate access to resources through the issuance of user ID’s and passwords as specified in the Application Servers section of policy G-3, Campus IT Services. Changes in employment status, such as hires, department transfers, and terminations, must be reported to the Systems Administrator in IT immediately so that access to campus technology resources can be given, modified, or disabled, as appropriate.

Accounts or passwords must not be shared, nor should access be granted or allowed to anyone other than the person to which the account was assigned.

Protection of Software, Equipment, and Infrastructure

Information Technology is responsible for protecting software, equipment and infrastructure.

Software: Software control is specified in Policy G4, Software Management. Before adding new software to university computers and networks, system defaults should be carefully reviewed for potential security holes, and passwords shipped with the software should be changed. Downloading software, particularly software that is not job-related or supported by IT or university administration, may introduce security risks and may be controlled or removed if problems arise from its presence.

Equipment: The university's technology assets are to be housed in appropriately secure physical environments. Technology assets include personal computers, laptops, printers, modems, servers, network equipment and components, interactive video systems, and telephone equipment. All of these items should be located in areas that can be secured for general protection, but the servers and network equipment and components will be located in secure areas with access limited to authorized personnel only.

Infrastructure: Network configuration is installed and maintained in accordance with the Texas Department of Information Resources security policy for network configuration.

Protection of Data

Information Technology will provide and maintain recommended practices (Recommended Practices) for efficient and effective use of technological resources. Access to data is controlled through user ID's and granting permission through those user ID's.

Users are responsible for following all University, System, State, and Federal policies regarding protection of confidential or sensitive data that is stored or transmitted electronically. The storage or transmission of said data must be adequately protected or encrypted using applications or processes available in I.T. Contact the Network Administrator for more information regarding these processes.

Electronic backups are a business requirement to enable the recovery of data and applications in the case of events such as natural disasters, disk drive failures, intrusion, malicious acts, espionage, data entry errors, or system operations errors. Data is backed up as described in the Application Servers section of policy G-3, Campus IT Services

As obsolete or unneeded equipment is disposed of, the university will assess the data stored therein and remove the appropriate data files or sanitize the device to meet Texas Administrative Code requirements. A record of that process and the systems affected will be maintained.

Security Monitoring

Security Monitoring is a method used to confirm that the security practices and controls in place are being adhered to and are effective. Monitoring consists of activities such as the review of

• Continual automated intrusion detection and prevention logs


• Firewall logs


• User account logs


• Network scanning logs


• Application logs


• Data backup recovery logs


• Help desk logs


• Other log and error files

IT will maintain audit logs on controlled systems to track usage information to a level appropriate for that system, including user sessions and failed connection attempts. IT has the discretion to implement any additional logging as necessary. IT will also perform vulnerability testing of university networks annually.

The I.T. Network Administrator serves as the university’s Information Security Officer, and should be contacted for questions or concerns regarding information security or to report violations of security policies or procedures.

The university provides our students, faculty, staff, and guests an open wireless environment with Internet access as well as limited access to university resources. The wireless environment will meet the requirements of Texas Administrative Code Rule 202.75.

Disaster Recovery/Business Continuity

IT is responsible for insuring business continuity as specified in the University Business Contingency Plan.

 

Employee Training and Notification of Security Issues

 

The University of Houston System provides training regarding required security practices, and UHV I.T. will notify university personnel of security incidents of which to be aware and will occasionally send emails reminding university employees of best security practices and confirming their agreement to abide by the Acceptable Usage Policy.

 

Approved:

 

Signature Obtained         03/02/2009
Tim Hudson, Ph.D.          Date
President

Next review date:   February 2011
Origination:   Director of Information Technology

[Back to MAIN Table of Contents]  [Back to SECTION Table of Contents]  [UHV HOME]

Open House in Victoria - 5/23/2013

City Golf Championship Banquet - 5/25/2013

Degree Information Session - 5/29/2013

President's Regional Advisory Board - 6/4/2013

Vietnam War Conference - 6/13/2013

Vietnam War Conference - 6/14/2013

Freshman Advising and Preregistration Day - 6/15/2013

View more events...

UHV math professor teaches innovative lesson plans - 05/20/2013

UHV receives designation as Hispanic-Serving Institution - 05/17/2013

UHV SBDC staff members earn global certifications - 05/17/2013

UHV graduates earn among highest first-year paychecks in Texas - 05/16/2013

UHV student receives Salute to Nurses scholarship - 05/16/2013

UHV to offer robotics, digital simulation camp for high school students - 05/16/2013

SBDC seminar to offer free advice on selling to governments - 05/16/2013

UHV open house to help students prepare for summer, fall semesters - 05/16/2013

More News...

University of Houston - Victoria
3007 N. Ben Wilson
Victoria, TX 77901

(361) 570-4848
(877) 970-4848 Texas Toll Free

Request Information on Academic Programs

         

© University of Houston-Victoria | 3007 N. Ben Wilson, Victoria, Texas 77901 | 361-570-4848 | 877-970-4848
Visit UHV |  Webmaster |  UH Sugar Land Campus |  UH System at Cinco Ranch  | University of Houston  | University of Houston System

State of Texas |  Compact with Texans |  Statewide Search |  State Agency Energy Savings  | Emergency Information  | MySafe Campus
Texas Public Information Act |  Governor's Office |  Fraud Reporting |  Institutional Compliance |  Privacy & Policies  | Texas Veterans Portal
Resumes  | Mobile  | Site Index