Computer & Network Security (D-8.1)

Original Implementation: January 24, 1995
Last Revision: January 19, 2006

Purpose

To establish conditions for use of, and requirements for appropriate security to cover, University computing equipment and networks. Computing equipment is defined to include desktops, laptops, servers, handheld devices, and printers. In order to comply with state requirements including the Information Resources Management Act (TEX. GOV'T CODE § 2054) and Texas Administrative Code, Title 1, Part 10, Chapter 202, the Director of Information Technology Services (ITS) has been assigned the role of Information Resources Manager for the University, and the Department of ITS is tasked to ensure compliance.

Scope

This policy is effective at all University locations or data centers and represents the minimum requirements that must be in place. Individual areas that have computers and networks may have additional controls and security, but they are in addition to this Policy.

Policy

  1. Each Vice-President, Dean or Director shall designate individuals responsible for the functions listed below. The same person may be responsible for one or more of these functions, but, to ensure continuity, these individuals must be regular University employees, not student employees. Each Vice-President, Dean or Director may specify an individual or the Technical Support Group of ITS to perform these duties, and will inform ITS of their decision.

    1. Computing Equipment Delivery and Setup - In order to establish a secure configuration, these designees, who are responsible for accepting delivery of any computing equipment, are expected to install the equipment and software according to specifications and recommendations of the vendor and all state regulations.

    2. Maintenance and Technical Support - These designees are responsible for providing technical support by troubleshooting daily problems, loading software applications, monitoring desktop security, applying patches and updates as prudent after they are available from the vendor, and performing general maintenance on all computing equipment within their organizational unit.

    3. Security and Password Management - These designees are responsible for security and user access for all computing equipment within their organizational unit. These designees will maintain the administrator/root passwords for local desktop units and will be responsible for providing necessary access to facilitate repairs. These designees will also coordinate with the Maintenance and Technical Support designees in monitoring desktop security and applying patches and updates as prudent after they are available from the vendor. These designees will work with ITS to ensure University computing and network security.

  2. Each organizational unit, through its designees, shall implement local security procedures, to include:

    1. Protection of the privacy of confidential information;

    2. Protection of information against unauthorized modification;

    3. Protection of systems against unauthorized access and use.

    Each organizational unit of Stephen F. Austin State University that maintains a local area network(s) must develop a local security procedures document which must conform to this policy statement subject to review by ITS.

  3. In order to maintain network security, the University reserves the right to:

    1. Limit, restrict, or terminate an account holder's usage;

    2. Inspect, copy, remove, or otherwise alter any data, file, or system resource that threatens the security of that system or the network, with or without prior notice to the user;

    3. Periodically check the systems and take any other such actions necessary to protect the University computers, information, and networks.

    The University shall not be liable for, and the user assumes the risk of, loss of data or interference with files resulting from the University's efforts to maintain the privacy and security of the University's computer, information and network facilities.

  4. Individuals are expected to exercise responsible, ethical behavior when using the University's information resources. The University reserves the right to limit, restrict or extend privileges and access to its resources.

    1. Access to some University information resources is provided through the establishment of an account. Issuance of passwords and designation of some computer accounts must be approved in writing through the respective dean or director (or designated representative) of the administrative unit. The unauthorized use of University computer systems, accounts and resources; the unauthorized use of another person's computer account; and the provision of false or misleading information systems are prohibited and will be subject to the sanctions described in this policy.

    2. Each user is responsible for understanding and complying with the policy on Acceptable Use of Information Resources.

    3. Each user is responsible for understanding and complying with the policy on Computing Software Copyright.

    4. Because the University permits access to copyrighted data through the Public Internet, it is imperative that each user be responsible for understanding and complying with the policy on Digital Millennium Copyright. This means disciplinary action including termination of service may be taken on any reported copyright infringements that have been investigated and determined valid. (see www.arl.org/info/frn/copy/dmca.html)

    5. Computer systems provided by the University are reserved for use only for University-related activities. (See Chapter 39 of the Texas Penal Code for provisions dealing with the misuse of state property.) The intentional deletion or alteration of information or data of others, intentional misuse of system resources, and permitting misuse of system resources by others are prohibited unless otherwise allowed in this policy.

Sanctions for policy violations

Violations of any provision of this policy may result in, but are not limited to:

  1. a limitation on a user's access to some or all University computer systems,

  2. the initiation of legal action by the University, including, but not limited to, criminal prosecution under appropriate State and Federal laws (See Chapter 33 of the Texas Penal Code),

  3. the requirement of the violator to provide restitution for any improper use of service, and

  4. disciplinary sanctions, which may include dismissal.

Applicable University discipline and/or discharge policies will be followed in the imposition of sanctions related to a violation of this policy.

Many academic courses and work-related activities require the use of computers, networks and systems of the University. In the event of an imposed restriction or termination of access to some or all University computers and systems, a user enrolled in such courses or involved in computer related work activities may be required to use alternative facilities, if any, to satisfy the obligation of such courses or work activity. However, users are advised that if such alternative facilities are unavailable or not feasible, the users bear the responsibility for failure to complete requirements for course work or work responsibility.

 

Source of Authority: Provost/Vice President for Academic Affairs and Vice President for Business Affairs

Cross Reference: University Policies, Acceptable Use of Information Resources F-40, Computing Software Copyright D-43, and Digital Millennium Copyright Policy D-42, Texas Information Resources Management Act, Texas Administrative Code, Texas Penal Code

Contact for Revision: Vice President for Finance and Administration

Forms: None