From: snewton@oac3.hsc.uth.tmc.edu (Steven E. Newton) Newsgroups: alt.comp.acad-freedom.talk Subject: UT Houston Info Resources Security Policy Date: 11 Feb 94 15:06:02 GMT Message-ID: The following is a transcription of the summary version of the new University of Texas Health Science Center at Houston Information Resources Security Policy. A fuller version of the policy was passed out as a 12-page booklet but I don't have the time to transcribe or scan it right now. I would like to get comments and questions on this from readers of this newsgroup. I've added my comments in [brackets] Thanks s Automated information and information resources owned or managed by the University of Texas Health Science Center at Houston are strategic and vital resources belonging to the people of Texas. These resources require a degree of protection commensurate with their value. Measures shall be taken to protect these resources against accident or unauthorized disclosure, modification or destruction, as well as to assure the security, reliability, integrity and availability of information. These policies apply to all employees, students and contract personnel. 1. Access to university information resources must be secured. The integrity of data, its source, its destination, and processes applied to it must be assured. Changes to data and its usage must be made only in authorized and acceptable ways. 2. University owned or managed information resources must be used only for official state purposes. [ No personal email? No netnews? No fun? ] 3. All passwords to information resources including, but not limited to, network systems, mainframe applications, voice mail or long distance telephone codes are confidential and property of the state. It is illegal to share assigned userids or passwords with anyone. [ What about shared adminstrative accounts? ] 4. Information that is confidential or sensitive must be protected from unauthorized access or modification. This remains in force upon termination of employment or contract. 5. Risks to information resources must be managed at all levels. Data essential to critical state functions must be protected from loss, contamination, or destruction. 6. All individuals are responsible for managing information resources and are accountable for their actions relation to information resources security. 7. Proprietary software may not be copied in violation of a licensing agreement. Violations of Policy Individuals using information resources owned or managed by the university are expected to know and comply with published university policies and procedures. _Failure on the part of any individual to comply may result in disciplinary action including suspension without pay or termination of employment or contract_. A person may be subject to civil or criminal legal sanctions when a violation occurs. It is the responsibility of all personnel to report any suspect or confirmed violations to appropriate management. -- + + + + + + + |snewton@oac.hsc.uth.tmc.edu You can make it foolproof, |Nobody else speaks for me, but you can't make it damnfoolproof. |and I speak for no one else. | + + + + +