content
Publication Date: June 24, 2005

Chapter 8

Facilities and University Services

8.12 Information Resources Use and Security Policy

  1. Policy Statement

    At The University of Texas at San Antonio (UTSA), computing and information technology resources are dedicated to the support of the common mission of learning, teaching, researching and engaging in community service. Shared use of and access to these resources requires legal and ethical behavior from all users. Some activities on the UTSA network that are technically possible may nevertheless be prohibited.

    UTSA strives to provide a robust, technologically progressive and secure computing environment for use by the University community. The protection of valuable data within its academic, research and administrative computing facilities is of the utmost importance. The University will promote the widest possible access, use and integrity of information technology resources through awareness programs and technical and physical protective measures. In order to fulfill the mission of the institution, the University community must do everything possible to avoid compromise, degradation or disruption of information services vital to the work of faculty, students and staff.

  2. Scope

    This policy provides general information on the principles on which UTSA’s information security program is based. This policy applies to all users of UTSA computing and information technology resources including faculty, staff, students, guests and external individuals or organizations. Additionally, this policy applies to individuals accessing network services, such as the Internet, on University equipment. UTSA faculty, students and staff rely on networked computers, and the data they create and use, that are contained within those systems to accomplish their work and to achieve the University’s mission. In order to protect those resources, everyone granted access to UTSA information resources must also follow the Information Resources Acceptable Use Policy found at: http://www.utsa.edu/oit/security/sec_accept_use_p.html

  3. Purpose

    4. Protecting the integrity of UTSA’s shared information resources and preserving access to them is a community effort that requires each member to act responsibly and guard against abuses. Both the University community as a whole and each individual user have an obligation to abide by the standards and best practices of the information security program, as outlined in this policy and in the published standards.

    In order to provide the greatest use of its computing and information technology resources for the entire University community, UTSA reserves the right to limit or restrict their use based on institutional priorities and financial considerations, as well as when presented with evidence of a violation of University policy, contractual agreements or state/federal laws.

    UTSA is committed to academic freedom, regardless of the medium of expression. However, the individual’s rights of expression or privacy may be superceded by the responsibility of the University to protect the integrity of information technology resources, the rights of all users and the property of the University.

    This policy consists of numerous standards which are accessible via the links in this policy on the Office of Information Technology Web site. These standards set the appropriate guidelines for acceptable practices regarding information technology and resources at UTSA. All members of the UTSA community -- faculty, students, staff — are required to familiarize themselves with these standards and to conform to these rules and practices.

    The standards include the following:

    1. Account Management
    2. Administrative/Special Access
    3. Backup and Data Recovery
    4. Change Management
    5. Email Management
    6. File Sharing
    7. Incident Management
    8. Information Services Privacy
    9. Internet Use
    10. Intrusion Detection
    11. Network Access
    12. Network Configuration
    13. Passwords
    14. Physical Access
    15. Portable Computing
    16. Security Monitoring
    17. Security Training
    18. Server Hardening
    19. Software Licensing
    20. Systems Development
    21. Vendor Access
    22. Virus Protection
    23. Wireless Communication

  4. Disciplinary Actions

    Violation of this policy and its standards may result in disciplinary action through regular, published disciplinary procedures and may include termination for employees and temporaries; termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; and suspension or expulsion of students. Disciplinary action for faculty members will be referred to the department, the dean, and the Provost Office. Individuals may lose access to UTSA Information Resources and may face civil and/or criminal penalties, depending on the violation.

  5. Applicable Statutes and Existing Policies

    Family Educational Rights and Privacy Act of 1974 (FERPA), as amended in 2000
    Copyright Act of 1976, as amended
    Foreign Corrupt Practices Act of 1977, as amended in 1988
    Computer Fraud and Abuse Act of 1986, as amended in 1996
    Computer Security Act of 1987
    The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
    USA PATRIOT Act of 2001
    The State of Texas Public Information Act
    Texas Government Code, Section 441
    Texas Administrative Code 1 TAC 202
    IRM Act, 2054.075(b)
    The State of Texas Penal Code, Chapters 33 and 33A
    DIR Practices for Protecting Information Resources Assets
    DIR Standards Review and Recommendations Publications Business Procedures Memorandum 53-02-96 (UT System)
    UTSA Student Code of Conduct and Judicial Procedures – Sections 201, 202, 203
    UTSA Code of Ethics, Chapter 4, Handbook of Operating Procedures
    UTSA Information Resource Security Standards

text size | + | R |