Chapter 8 - Facilities and University Services
Previous Publication Date: June 24, 2005
Publication Date: July 26, 2021
Policy Owner: VPIMT
8.12 Information Resources Use and Security Policy
This is not the current policy. For the latest, click here.
-
Policy Statement
At The University of Texas at San Antonio (UTSA), computing and information technology resources are dedicated to the support of the common mission of learning, teaching, researching and engaging in community service. Shared use of and access to these resources requires legal and ethical behavior from all users. Some activities on the UTSA network that are technically possible may nevertheless be prohibited.UTSA strives to provide a robust, technologically progressive and secure computing environment for use by the University community. The protection of valuable data within its academic, research and administrative computing facilities is of the utmost importance. The University will promote the widest possible access, use and integrity of information technology resources through awareness programs and technical and physical protective measures. In order to fulfill the mission of the institution, the University community must do everything possible to avoid compromise, degradation or disruption of information services vital to the work of faculty, students and staff.
- Scope
This policy provides general information on the principles on which UTSA information security program is based. This policy applies to all users of UTSA computing and information technology resources including faculty, staff, students, guests and external individuals or organizations. Additionally, this policy applies to individuals accessing network services, such as the Internet, on University equipment. UTSA faculty, students and staff rely on networked computers, and the data they create and use, that are contained within those systems to accomplish their work and to achieve the University mission. In order to protect those resources, everyone granted access to UTSA information resources must also follow the Information Resources Acceptable Use Policy.
-
Purpose
Protecting the integrity of UTSA shared information resources and preserving access to them is a community effort that requires each member to act responsibly and guard against abuses. Both the University community as a whole and each individual user have an obligation to abide by the standards and best practices of the information security program, as outlined in this policy and in the published standards.In order to provide the greatest use of its computing and information technology resources for the entire University community, UTSA reserves the right to limit or restrict their use based on institutional priorities and financial considerations, as well as when presented with evidence of a violation of University policy, contractual agreements or state/federal laws.
UTSA is committed to academic freedom, regardless of the medium of expression. However, the individual rights of expression or privacy may be superceded by the responsibility of the University to protect the integrity of information technology resources, the rights of all users and the property of the University.
This policy consists of numerous standards which are accessible via the links in this policy on the Office of Information Technology Web site. These standards set the appropriate guidelines for acceptable practices regarding information technology and resources at UTSA. All members of the UTSA community -- faculty, students, staff — are required to familiarize themselves with these standards and to conform to these rules and practices.
The standards include the following:
- Acceptable Use
- Application Administrator
- Administrative or Special Access
- Application Development and Acquisition
- Application Registration
- Change Management
- Computer Naming Convention
- Configuration and Asset Management
- Copiers and Printers
- Data Center Facility
- Data Classification
- Data Encryption
- Data Owner
- Disaster Recovery
- Disposal of Computing Devices
- Email Management
- Enterprise Backup and Data Recovery
- Incident Response
- Information Resources User
- Information Security Administrator
- Information Security Risk Assessment
- Information Security Training
- Information Services Expectation of Privacy
- Internet Use
- Intrusion Detection
- Log in Disclaimer Text
- Managing Access to Secured Shared Spaces
- Minimum Security for Computer Systems
- Network Access
- Network Configuration
- Office Computer Purchases
- Passphrase or Password
- Patch Management
- Personal Computing Security
- Physical Access
- Policy Exception and Risk Assumption
- Portable Computing Security
- Position of Special Trust
- Protection Against Malware
- Security Monitoring
- Server Administrator
- Software Licensing
- Threat Detection and Prevention
- Unauthorized File Sharing
- Vendor Access
- Web Application Vulnerability Scanning
- Wireless Network
- Workstation OS Support
- Disciplinary Actions
Violation of this policy and its standards may result in disciplinary action through regular, published disciplinary procedures and may include termination for employees and temporaries; termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; and suspension or expulsion of students. Disciplinary action for faculty members will be referred to the department, the dean, and the Provost Office. Individuals may lose access to UTSA Information Resources and may face civil and/or criminal penalties, depending on the violation.
- Applicable Statutes and Existing Policies
Family Educational Rights and Privacy Act of 1974 (FERPA), as amended in 2000
Copyright Act of 1976, as amended
Foreign Corrupt Practices Act of 1977, as amended in 1988
Computer Fraud and Abuse Act of 1986, as amended in 1996
Computer Security Act of 1987
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
USA PATRIOT Act of 2001
The State of Texas Public Information Act
Texas Government Code, Section 441
Texas Administrative Code 1 TAC 202
IRM Act, 2054.075(b)
The State of Texas Penal Code, Chapters 33 and 33A
DIR Practices for Protecting Information Resources Assets
DIR Standards Review and Recommendations Publications
The University of Texas System Information Resources Use and Security Policy (UTS165)
UTSA Student Code of Conduct and Judicial Procedures Sections 201, 202, 203
UTSA Code of Ethics, Chapter 4, Handbook of Operating Procedures
UTSA Information Resource Security Standards