• I. Overview
• II. Policy Statement
• III. Rationale
• IV. Audience
• V. Procedures
  • 1. Information Resources Security Responsibility and Accountability
  • 2. Acceptable Use
  • 3. Account Management
  • 4. Administrative/Special Access
  • 5. Backup Recovery of Systems and Data
  • 6. Change Management
  • 7. Computer Virus Protection
  • 8. Classification of Sensitive (Category-I) Digital Data
  • 9. Risk Management
  • 10. Reduction of Use and Collection of Social Security Numbers
  • 11. Management of Sensitive Digital Data
  • 12. Electronic Mail (E-mail)
  • 13. Incident Management
  • 14. Internet Use
  • 15. Information Services Privacy
  • 16. Network Access
  • 17. Network Configuration
  • 18. Passwords
  • 19. Physical Access
  • 20. Portable Computing and Remote Access
  • 21. Security Monitoring
  • 22. Security Training
  • 23. System Hardening
  • 24. Software Licensing
  • 25. Secure Development and Administration
  • 26. Vendor Access
  • 27. Right to Monitor
  • 28. Disciplinary Actions
• VI. Implementation
• VII. Appendix
• VIII. Definitions

Information Resources Use and Security Policy

III. Rationale

Title 1 Texas Administrative Code 202.70 (1) states that it is the policy of the state of Texas that information resources residing in the various agencies of State government are strategic and vital assets belonging to the people of Texas. Assets of the university must be available and protected commensurate with their value and must be administered in conformance with federal and state law and UT System Regents' Rules. This Policy provides requirements and guidelines to establish accountability and prudent and acceptable practices regarding the use and safeguarding of the university's information resources; protect the privacy of personally identifiable information contained in the data that constitutes part of its information resources; ensure compliance with applicable policies and state and federal laws regarding the management and security of information resources; and educate individual Users with respect to the responsibilities associated with use of the university's information resources.

This policy serves as the foundation for the university's information security program, and provides the Information Security Office the authority to implement policies, practice standards, and/or procedures necessary to implement a successful information security program in compliance with this policy.