Information Security Standards

INTERNET/INTRANET USAGE

GENERAL

Under the provisions of the Information Resources Management Act, Information Resources are strategic assets of the State of Texas and must be managed as valuable state resources. This procedure is established to achieve the following:

1. To ensure compliance with applicable statutes, regulations, and mandates regarding the management of information resources;

2. To establish acceptable practices regarding the use of information resources; and,

3. To educate individuals who may use information resources with respect to their responsibilities associated with such use.

APPLICABILITY

This procedure applies to all University information resources. The purpose of this procedure is to provide a set of measures that will mitigate information security risks associated with Internet/intranet use. The intended audience is all users of University information resources.

PROCEDURES

1. All files downloaded from the Internet/intranet should be scanned by software to safeguard against malicious code.

2. University Internet access may not be used for personal gain or solicitations.

3. No University sensitive or confidential information shall be made available via public University web sites.

a. All sensitive or confidential information transmitted over external networks must be encrypted.

b. Electronic files are subject to the same records retention rules that apply to other documents and must be retained in accordance with University records retention schedules.

c. The University’s primary website is considered a public site, and all materials are considered public. Information on the university’s public website does not require any permission to access. No confidential information may be posted on the university’s public website. Hidden links are not an acceptable method of preventing information from being access. All content on the University’s primary website will be discovered by search engines automatically.

d. Confidential information to be shared within the university must be placed in the document management system, on a network share, or a secured intranet site.

4. Any security violations, and all signs of wrongdoing pertaining to this procedure, shall be reported according to the University Incident Management procedure.

RELATED STATUTES, POLICIES, AND REQUIREMENTS

University Procedure 33.04.02.R0.01, Use of Telecommunications Service

University Information Security Standard Administrative Procedure, Acceptable Use

System Policy 33.04, Use of System Property

HISTORY

Last Updated March 31, 2014