Office of the Vice President for
Administration and Finance
SECTION: INFORMATION TECHNOLOGY INDEX: G-1
SUBJECT: COMPUTER AND
Information resources, including data, computers, networks, telephone systems, and related infrastructure, are vital assets to the university which require protection and security from intruders, malicious acts, and situations and circumstances that may affect availability of use. The Information Technology (IT) department is responsible for developing and maintaining procedures to provide the following security measures to protect those resources:
- Log-on ID's and passwords to provide controlled, legitimate access
- Protection of software, equipment, and infrastructure
- Protection of data, including identification of confidential information
- Security Monitoring
- Disaster recovery/business continuity
- Employee training and notification of security issues
All of the following procedures will be implemented in compliance with Texas Administrative Code Rules 202.70 through 202.78.
Log-on ID’s and passwords
IT provides controlled, legitimate access to resources through the issuance of user ID’s and passwords as specified in the Application Servers section of policy G-3, Campus IT Services. Changes in employment status, such as hires, department transfers, and terminations, must be reported to the Systems Administrator in IT immediately so that access to campus technology resources can be given, modified, or disabled, as appropriate.
Accounts or passwords must not be shared, nor should access be granted or allowed to anyone other than the person to which the account was assigned.
Protection of Software, Equipment, and Infrastructure
Information Technology is responsible for protecting software, equipment and infrastructure.
Software: Software control is specified in Policy G4, Software Management. Before adding new software to university computers and networks, system defaults should be carefully reviewed for potential security holes, and passwords shipped with the software should be changed. Downloading software, particularly software that is not job-related or supported by IT or university administration, may introduce security risks and may be controlled or removed if problems arise from its presence.
Equipment: The university's technology assets are to be housed in appropriately secure physical environments. Technology assets include personal computers, laptops, printers, modems, servers, network equipment and components, interactive video systems, and telephone equipment. All of these items should be located in areas that can be secured for general protection, but the servers and network equipment and components will be located in secure areas with access limited to authorized personnel only.
Infrastructure: Network configuration is installed and maintained in accordance with the Texas Department of Information Resources security policy for network configuration.
Protection of Data
Information Technology will provide and maintain recommended practices (Recommended Practices) for efficient and effective use of technological resources. Access to data is controlled through user ID's and granting permission through those user ID's.
Users are responsible for following all University, System, State, and Federal policies regarding protection of confidential or sensitive data that is stored or transmitted electronically. The storage or transmission of said data must be adequately protected or encrypted using applications or processes available in I.T. Contact the Network Administrator for more information regarding these processes.
Electronic backups are a business requirement to enable the recovery of data and applications in the case of events such as natural disasters, disk drive failures, intrusion, malicious acts, espionage, data entry errors, or system operations errors. Data is backed up as described in the Application Servers section of policy G-3, Campus IT Services
As obsolete or unneeded equipment is disposed of, the university will assess the data stored therein and remove the appropriate data files or sanitize the device to meet Texas Administrative Code requirements. A record of that process and the systems affected will be maintained.
Security Monitoring is a method used to confirm that the security practices and controls in place are being adhered to and are effective. Monitoring consists of activities such as the review of
- Continual automated intrusion detection and prevention logs
- Firewall logs
- User account logs
- Network scanning logs
- Application logs
- Data backup recovery logs
- Help desk logs
- Other log and error files
IT will maintain audit logs on controlled systems to track usage information to a level appropriate for that system, including user sessions and failed connection attempts. IT has the discretion to implement any additional logging as necessary. IT will also perform vulnerability testing of university networks annually.
The I.T. Network Administrator serves as the university’s Information Security Officer, and should be contacted for questions or concerns regarding information security or to report violations of security policies or procedures.
The university provides our students, faculty, staff, and guests an open wireless environment with Internet access as well as limited access to university resources. The wireless environment will meet the requirements of Texas Administrative Code Rule 202.75.
Disaster Recovery/Business Continuity
IT is responsible for insuring business continuity as specified in the University Business Contingency Plan.
Employee Training and Notification of Security Issues
The University of Houston System provides training regarding required security practices, and UHV I.T. will notify university personnel of security incidents of which to be aware and will occasionally send emails reminding university employees of best security practices and confirming their agreement to abide by the Acceptable Usage Policy.
Signature Obtained 03/02/2009
Tim Hudson, Ph.D. Date
Next review date:
Origination: Director of Information Technology
Grant Meeting - 5/22/2013
Open House in Victoria - 5/23/2013
Degree Information Session - 5/29/2013
President's Regional Advisory Board - 6/4/2013
Vietnam War Conference - 6/13/2013
Vietnam War Conference - 6/14/2013
Freshman Advising and Preregistration Day - 6/15/2013
UHV SBDC staff members earn global certifications - 05/17/2013
UHV student receives Salute to Nurses scholarship - 05/16/2013